[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: madison

On Tue, Jul 17, 2001 at 12:06:39PM +1000, Anthony Towns wrote:
> The sponsor is, as far as Debian is concerned. S/He's the one we trust to
> ensure that upload doesn't contain trojans, and the one we can actually
> identify if we have any need to.

Unfortunately... we can't.  As far as I can tell, the sponsor's name is
only in the .changes file, which we (still?) throw away after installing
the packages.

> Sponsorship is a gaping hole in our trust model.


Richard Braakman
Will write free software for money.
See http://www.xs4all.nl/~dark/resume.html

Reply to: