Re: madison

To: debian-devel@lists.debian.org
Subject: Re: madison
From: Richard Braakman <dark@xs4all.nl>
Date: Tue, 17 Jul 2001 14:01:05 +0300
Message-id: <[🔎] 20010717140105.A1363@cs140102.pp.htv.fi>
In-reply-to: <[🔎] 20010717120639.A31053@azure.humbug.org.au>
References: <[🔎] 20010716161707.A1287@blae.localnet> <[🔎] 20010716110226.A29920@cato.kaplowitz.org> <[🔎] 20010717120639.A31053@azure.humbug.org.au>

On Tue, Jul 17, 2001 at 12:06:39PM +1000, Anthony Towns wrote:
> The sponsor is, as far as Debian is concerned. S/He's the one we trust to
> ensure that upload doesn't contain trojans, and the one we can actually
> identify if we have any need to.

Unfortunately... we can't.  As far as I can tell, the sponsor's name is
only in the .changes file, which we (still?) throw away after installing
the packages.

> Sponsorship is a gaping hole in our trust model.

Agreed.

-- 
Richard Braakman
Will write free software for money.
See http://www.xs4all.nl/~dark/resume.html

Reply to:

Follow-Ups:
- Re: madison
  - From: Gustavo Noronha Silva <kov@debian.org>
- Re: madison
  - From: Jimmy Kaplowitz <jimmy@debian.org>

References:
- Re: madison
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: madison
  - From: Jimmy Kaplowitz <jimmy@debian.org>
- Re: madison
  - From: Anthony Towns <aj@azure.humbug.org.au>

Prev by Date: Re: How can I trace a segfault on program start?
Next by Date: Re: ITP: tsocks -- transparent network access through a SOCKS 4 or 5 proxy
Previous by thread: Re: madison
Next by thread: Re: madison
Index(es):
- Date
- Thread