[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: Central version control for Debian

On 31-Jan-01, 16:44 (CST), Matt Zimmerman <mdz@debian.org> wrote:
> On Wed, Jan 31, 2001 at 10:55:31PM +0200, Moshe Zadka wrote:
> > I may be reading you wrong here, but I'm not sure you need enough
> > flexibility in CVS if you trust the developers: put it up with wide
> > open permissions to the developers, and have a clear policy which it
> > is up for the people to enforce on themselves. That's the way the
> > Python development is organized, and it seems to be going great.
> Debian has many more developers (probably) working on a much larger
> code base (definitely).  For a developer to sign a source package with
> her key, she must have first-hand knowledge of all changes to the
> source.  Imagine a malicious user making direct changes to the CVS
> repository; this change would be almost impossible to detect.

The problem is not only malicious developers (which I think would
be rare), it's well-meaning but ill- advised patches (which are not

Steve Greenland <stevegr@debian.org>
(Please do not CC me on mail sent to this list; I subscribe to and read
every list I post to.)

Reply to: