Re: The Debian Mentors Project

To: debian-devel@lists.debian.org, debian-mentors@lists.debian.org, private@mentors.debian.net
Subject: Re: The Debian Mentors Project
From: Ivo Marino <eim@mentors.debian.net>
Date: Tue, 13 May 2003 01:20:18 +0200
Message-id: <[🔎] 20030512232018.GA4565@eimbox.org>
Mail-followup-to: debian-devel@lists.debian.org, debian-mentors@lists.debian.org, private@mentors.debian.net
In-reply-to: <[🔎] Pine.LNX.4.10.10305130822240.18732-100000@magnetron.ieee.uow.edu.au>
References: <[🔎] 20030512204803.GA970@con-fuse.org> <[🔎] Pine.LNX.4.10.10305130822240.18732-100000@magnetron.ieee.uow.edu.au>

On Tue, 13 May 2003, Matthew Palmer wrote:

> First off, thanks for the effort spent in getting this working.  It seems
> like it could be a useful resource for the non-DD packaging public (heh).  I
> have a few issues with your upload queue support, in particular.
>
First of all thanks for your feedback and compliments, we really
appreciate it.

> It appears as though anyone who has an account can upload any package they
> like.  While this isn't a pressing problem for sponsors (since they'll be
> collecting source and checking the signatures on the .dsc), this could be a
> *very* serious problem for anyone who starts relying on the binary packages
> uploaded to m.d.n.  What sort of protections do you have in place or plan to
> put in place to protect against this sort of thing?
>
Well, actually the whole system is in a "real life" testing phase, this
means that users can upload their packages mainly to test the server's
repository fucntionality, I'm quite sure there are still some bugs which
have to be discovered and fixed. We keep eyes open.

In the meantime we're working on low and high level adminsitration tools
which will allow us to easily mantain all the users accounts on the
system and their respective uploaded packages, if some user isn't
trustable it will be banned from the system.

Of course we can't actually ensure that all uploaded packages on the
system are secure, for now we trust the testers of the system but in
future we'll introduce higher security standards.

If someone can allready point out an eventual solution for this problem
we'll open to consider any suggestion in order to improve the system.

Furthermore I want and must remember anyone that the we won't be responsable
for eventual security problems in the packages on the server, feel free to
use the service we offer but at your own risk.

For now we trust our users and I hope we don't ask to much.
Best regards,

 I.

-- 
                        )/_
              _.--..---"-,--c_    Ivo Marino <eim@mentors.debian.net>
         \L..'           ._O__)_  webpage http://mentors.debian.net/~eim/
 -.      _.+  _  \..--( /         FreeNode irc.FreeNode.net #debian-mentors
   `\.-''__.-' \ (     \_         Debian Mentors, A Public Package Repository
     `'''        `\__   /\
                  ')

Attachment: pgp_Wji4WjSz5.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: The Debian Mentors Project
  - From: Jack Moffitt <jack@xiph.org>
- Re: The Debian Mentors Project
  - From: joe@nahmias.net (Joe Nahmias)

References:
- The Debian Mentors Project
  - From: "Daniel K. Gebhart" <dkg@con-fuse.org>
- Re: The Debian Mentors Project
  - From: Matthew Palmer <mjp16@ieee.uow.edu.au>

Prev by Date: Re: The Debian Mentors Project
Next by Date: can touch(1) readonly files
Previous by thread: Re: The Debian Mentors Project
Next by thread: Re: The Debian Mentors Project
Index(es):
- Date
- Thread