[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The Debian Mentors Project



On Mon, 12 May 2003, Daniel K. Gebhart wrote:

> This project is a benefit for maintainers (non-DDs) and their sponsors
> (DDs). Maintainers are able to upload packagages to mentors.debian.net
> and point their sponsors to this server. Sponsors can download and test 
> this packages by downloading them after expansion their sources.list[2].

First off, thanks for the effort spent in getting this working.  It seems
like it could be a useful resource for the non-DD packaging public (heh).  I
have a few issues with your upload queue support, in particular.

It appears as though anyone who has an account can upload any package they
like.  While this isn't a pressing problem for sponsors (since they'll be
collecting source and checking the signatures on the .dsc), this could be a
*very* serious problem for anyone who starts relying on the binary packages
uploaded to m.d.n.  What sort of protections do you have in place or plan to
put in place to protect against this sort of thing?


-- 
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer, Geek In Residence
http://ieee.uow.edu.au/~mjp16




Reply to: