Re: games-team membership requests [was Re: xz backdoor]
Hi Markus,
You're doing fine.
The tactic of the attacker is to generate noise to hide bad intentions.
A quick & easy way to reduce the noise on our side is easy:
merge or reject all these old janitor MR.
I do trust Jelmer/the janitor, he did absolutley nothing wrong;
I never acted on these MR myself before
because I didn't wanted to stomp on other people feet.
But with recent events it looks more important to clear the MR queue.
So I'll basically merge every janitor MR that still merge cleanly &
close the rest.
people can always use lintian-brush by hand to get same result.
Greetings
Le dim. 31 mars 2024 à 15:52, Markus Koschany <apo@debian.org> a écrit :
>
> Am Sonntag, dem 31.03.2024 um 12:13 +0200 schrieb Alexandre Detiste:
> > BTW it's quite smart to attack Games team:
> > as we're used to get legit one-off MR from people
> > never to be seen again later.
>
> Occasionally someone requests games team membership on salsa and I am the one
> who can grant access or not. I usually only grant developer access when people
> introduce themselves to the list first and maintainer access only when they are
> already a DM or DD. Everyone else receives either "guest" status or will be
> rejected. If you think this is too strict or too lenient, let me know and we
> can review each case individually. Just wanted to mention that in light of the
> xz compromise and because we had to reject a person for the Java team in the
> past, who never did a contribution before and just requested access to various
> repositories.
>
> Regards,
>
> Markus
Reply to: