Re: Status of new packages in Incoming?

To: debian-devel <debian-devel@lists.debian.org>
Subject: Re: Status of new packages in Incoming?
From: Joey Hess <joey@kitenet.net>
Date: Mon, 27 Sep 1999 09:36:12 -0700
Message-id: <[🔎] 19990927093612.H18583@kitenet.net>
Mail-followup-to: debian-devel <debian-devel@lists.debian.org>
In-reply-to: <[🔎] 19990927112232.A28684@molehole>
References: <14318.571.288112.596601@bolero> <37EE4F68.F5A80EC8@hermes.cam.ac.uk> <19990926161932.A27166@glitch.snoozer.net> <37EE9EE4.A15B569C@hermes.cam.ac.uk> <19990926224434.B18583@kitenet.net> <[🔎] 19990927112232.A28684@molehole>

Steve Greenland wrote:
> I think the key difference is that if some one screws with the BTS or
> the Debian web site, it's not going to *me* any harm during the time
> it takes to discover and undo the damage. If someone installs a bad or
> malicious libc6 in the archive, a buncha people could get seriously
> screwed.

Yes, but we have nothing in place right now to prevent anyone installing a
bad or malicious package into the archive. Upgrades to packages that already
exist are already installed automatically -- as far as I know this applies
to NMU's as well; any developer can slip a bad or malicious package in and
it will not be caught until it hits the mirrors.

So I think your concern is orthagonal to what I am proposing.

-- 
see shy jo

Reply to:

References:
- Re: Status of new packages in Incoming?
  - From: Steve Greenland <stevegr@debian.org>

Prev by Date: a question about BTS severities
Next by Date: Re: Status of new packages in Incoming?
Previous by thread: Re: Status of new packages in Incoming?
Next by thread: Re: Status of new packages in Incoming?
Index(es):
- Date
- Thread