Re: Preventing government subversion in Debian, verification of binary package uploads

To: debian-devel@lists.debian.org
Subject: Re: Preventing government subversion in Debian, verification of binary package uploads
From: Thomas Hood <jdthood@gmail.com>
Date: Sat, 24 Aug 2013 23:45:54 +0200
Message-id: <[🔎] 52192992.6070605@gmail.com>
In-reply-to: <[🔎] CAGKbab_dsgHqc0pw5C_S_dae6xkO=4dGUVjeQEA7Z0gGjH9-Tw@mail.gmail.com>

"We will be guided by the needs of our users and the free software community.
We will place their interests first in our priorities."

If a Debian contributor were faced with a demand to do something that
undermines the privacy or other interests of Debian users then I would hope
and expect that the contributor would choose instead to cease being a
contributor. Were he not to do so then he would have to be regarded as an
infiltrator.

Here I assume that U.S. law is not so draconian that it can require someone
who has contributed to Debian (and who is therefore trusted) to continue
doing so.

So perhaps the more pertinent question is, what safeguards does Debian have
against infiltration?
-- 
Thomas Hood

Reply to:

Follow-Ups:
- Re: Preventing government subversion in Debian, verification of binary package uploads
  - From: Russ Allbery <rra@debian.org>
- Re: Preventing government subversion in Debian, verification of binary package uploads
  - From: Robert Holtzm <holtzm@cox.net>

References:
- Preventing government subversion in Debian, verification of binary package uploads
  - From: Erich Schubert <erich@debian.org>

Prev by Date: Re: Introducing dgit - git integration with the Debian archive
Next by Date: Re: Preventing government subversion in Debian, verification of binary package uploads
Previous by thread: Re: Preventing government subversion in Debian, verification of binary package uploads
Next by thread: Re: Preventing government subversion in Debian, verification of binary package uploads
Index(es):
- Date
- Thread