Re: Lottery NEW queue (Re: Are libraries with bumped SONAME subject of inspection of ftpmaster or not
On Wed, Jan 26, 2022 at 11:43 AM Adam Borowski <kilobyte@angband.pl> wrote:
>
> On Tue, Jan 25, 2022 at 09:38:01PM +0100, Vincent Bernat wrote:
> >
> > I think we should forego the NEW queue. If people want to check
> > packages, they can do it once they are in unstable with regular bugs.
>
> Without the NEW queue, there would be no point at which packaging receives
> any sort of review. I'd prefer Debian to deliver at least some level of
> quality.
>
> Otherwise, we'd fall to the level of NPM. And there are ample examples of
> what that would mean.

I disagree with the comparison to NPM. Simply because not everyone can
upload - you have to be a DD or DM to do that, which means you have to
go through a non-trivial process where it is checked that you know
what you are doing. As of right now, a maliciously acting DD can already
upload harmful packages without NEW stopping this at all.

Regards,
Stephan