Re: What's the deal with NMUs? [was Re: Are you still there?]

[Bernd Eckenfels <lists@lina.inka.de>]

On Tue, Nov 04, 2003 at 04:42:14PM -0800, Tom wrote:
> I'm confused by the concept of NMU: can anybody just arbitrarily upload 
> a new version of a package?  I have a feeling that are some controls but 
> it seems pretty wild and wooly, and subject to abuse.

Any Debian Developer can, but not unnoticed.

> The whole openness of the bug tracking system and package system seems 
> particularly vulnerable to persons with malicious and subversive intent.

How do you think the open process, which is the main feature of debian can
be exploited in that area?

> Has anybody ever "attacked" the Debian process?  Are there specific 
> controls in place to prevent "attacks", or has it just never come up?

Indeed the large base of trusted developers is a problem and a feature at
the same time. But since we are able to pretty well track all modifications,
it is not such a big issue.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!