
Re: Status of new packages in Incoming?

Steve Greenland wrote:
> I think the key difference is that if someone screws with the BTS or
> the Debian web site, it's not going to do *me* any harm during the time
> it takes to discover and undo the damage. If someone installs a bad or
> malicious libc6 in the archive, a buncha people could get seriously
> screwed.

Yes, but we have nothing in place right now to prevent anyone installing a
bad or malicious package into the archive. Upgrades to packages that already
exist are already installed automatically -- as far as I know this applies
to NMUs as well; any developer can slip a bad or malicious package in and
it will not be caught until it hits the mirrors.

So I think your concern is orthogonal to what I am proposing.

see shy jo
