Re: RFC: Central version control for Debian

To: debian-devel@lists.debian.org
Subject: Re: RFC: Central version control for Debian
From: Steve Greenland <stevegr@debian.org>
Date: Thu, 1 Feb 2001 08:52:20 -0600
Message-id: <[🔎] 20010201085220.C21313@molehole.moregruel.net>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: Steve Greenland <stevegr@debian.org>
In-reply-to: <20010131174448.P899@alcor.net>; from mdz@debian.org on Wed, Jan 31, 2001 at 05:44:51PM -0500
References: <20010129165414.L2501@alcor.net> <20010131205531.DE08AA83E@darjeeling.zadka.site.co.il> <20010131174448.P899@alcor.net>

On 31-Jan-01, 16:44 (CST), Matt Zimmerman <mdz@debian.org> wrote:
> On Wed, Jan 31, 2001 at 10:55:31PM +0200, Moshe Zadka wrote:
>
> > I may be reading you wrong here, but I'm not sure you need enough
> > flexibility in CVS if you trust the developers: put it up with wide
> > open permissions to the developers, and have a clear policy which it
> > is up for the people to enforce on themselves. That's the way the
> > Python development is organized, and it seems to be going great.
>
> Debian has many more developers (probably) working on a much larger
> code base (definitely).  For a developer to sign a source package with
> her key, she must have first-hand knowledge of all changes to the
> source.  Imagine a malicious user making direct changes to the CVS
> repository; this change would be almost impossible to detect.

The problem is not only malicious developers (which I think would
be rare), it's well-meaning but ill- advised patches (which are not
uncommon).

Steve
-- 
Steve Greenland <stevegr@debian.org>
(Please do not CC me on mail sent to this list; I subscribe to and read
every list I post to.)

Reply to:

Prev by Date: Re: FHS compliance and UNIX sockets
Next by Date: Re: Avifile 0.6 version available
Previous by thread: Re: RFC: Central version control for Debian
Next by thread: Re: RFC: Central version control for Debian
Index(es):
- Date
- Thread