Re: madison
On Tue, Jul 17, 2001 at 12:06:39PM +1000, Anthony Towns wrote:
> The sponsor is, as far as Debian is concerned. S/He's the one we trust to
> ensure that upload doesn't contain trojans, and the one we can actually
> identify if we have any need to.
Unfortunately... we can't. As far as I can tell, the sponsor's name is
only in the .changes file, which we (still?) throw away after installing
the packages.
> Sponsorship is a gaping hole in our trust model.
Agreed.
--
Richard Braakman
Will write free software for money.
See http://www.xs4all.nl/~dark/resume.html
Reply to:
- References:
- Re: madison
- From: Anthony Towns <aj@azure.humbug.org.au>
- Re: madison
- From: Jimmy Kaplowitz <jimmy@debian.org>
- Re: madison
- From: Anthony Towns <aj@azure.humbug.org.au>