On Mon, Aug 18, 2025 at 08:19:49PM +0200, Alexandre Detiste wrote:
Worst case scenario is when the guy submitting the 3 PR is the XZ hacker. That _did_ happened: https://salsa.debian.org/games-team/empire/-/merge_requests/1 https://salsa.debian.org/games-team/empire/-/merge_requests/2 https://news.ycombinator.com/item?id=39868390 So MR for pristine-tar & upstream branch are too big to review and can never be trusted if they are from newcomers.
Same for master, as that one includes upstream changes.In any case it wouldn't make correct tags and maybe even wouldn't make correct merges.
-- WBR, wRAR
Attachment:
signature.asc
Description: PGP signature