On Tue, 21 Oct 2003 23:05:27 +0200 Bernd Eckenfels <lists@lina.inka.de> wrote:

> On Tue, Oct 21, 2003 at 03:12:17PM -0500, Gunnar Wolf wrote:
> > beyond any recognition - but the basic idea stands. I would prefer not
> > letting packages into testing which were not autobuilt.
>
> Another argument: trojaned binaries can more easily happen on hundreds of
> machines with different security policies. Not that I think auto builders are
> safe from that, but the environment is more easily controllable.

Yeah, instead of having to break into hundreds of maintainers' boxes to make sure that the binaries are trojaned, he only has to break into one. Familiar with the term "single point of failure"? :)