[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "Hijacking packages for fun and profit" BoF at DebConf


> Hijack tokens
> -------------
> At the moment, *any* uploading DD can hijack by simply uploading a new
> package version. Is that reasonable, or should we attempt to control
> it somehow? There was a concept suggested of "hijack tokens" - an idea
> that maintainers should be allowed to hijack packages so long as they
> show sense. Only one hijack would be allowed per DD by default, with
> maybe more tokens being allocated depending on age / experience /
> responsibility within the project. The tokens could be allocated to
> developers by the Tech Committee, or maybe restored after review once
> a hijack has happened. Potentially problematic, but maybe a useful
> idea for discussion?

do we have statistics that show how many packages were really "hijacked" in such
a bad way that we would need to introduce some kind of token? I think we had
some rare cases over the last years which were discussed and solved. Do we
really need that extra work of introducing tokens?



 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Reply to: