Re: What's the deal with NMUs? [was Re: Are you still there?]
On Tue, Nov 04, 2003 at 04:42:14PM -0800, Tom wrote:
> I'm confused by the concept of NMU: can anybody just arbitrarily upload
> a new version of a package? I have a feeling that are some controls but
> it seems pretty wild and wooly, and subject to abuse.
Any Debian Developer can, but not unnoticed.
> The whole openness of the bug tracking system and package system seems
> particularly vulnerable to persons with malicious and subversive intent.
How do you think the open process, which is the main feature of debian can
be exploited in that area?
> Has anybody ever "attacked" the Debian process? Are there specific
> controls in place to prevent "attacks", or has it just never come up?
Indeed the large base of trusted developers is a problem and a feature at
the same time. But since we are able to pretty well track all modifications,
it is not such a big issue.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Reply to: