Re: Excessive wait for DAM - something needs to be done

To: debian-newmaint@lists.debian.org
Subject: Re: Excessive wait for DAM - something needs to be done
From: Steve Langasek <vorlon@netexpress.net>
Date: Thu, 17 Jul 2003 08:22:58 -0500
Message-id: <[🔎] 20030717132258.GA23333@tennyson.netexpress.net>
In-reply-to: <[🔎] 20030717012346.164f6857.david@eelf.ddts.net>
References: <20030716214245.031109e8.david@eelf.ddts.net> <[🔎] Pine.LNX.4.44.0307162053210.11852-100000@bach.mancill.van> <[🔎] 20030717012346.164f6857.david@eelf.ddts.net>

On Thu, Jul 17, 2003 at 01:23:46AM -0400, David B Harris wrote:

> This would certainly stop a malcontent from putting a trojan in a very
> popular package that's run as root (I like the OpenSSH example), but in
> reality that's already the case. NMUs are noticed quite quickly, and
> anything suspicious (especially for a package like that) will get pulled
> out of the queue until the situation can be clarified.

Combining the current MIA problem with this subsequent lack of NM
vetting, I wouldn't bet on us catching a well-placed, malicious NMU
before it was too late.  The NM process is still important.

-- 
Steve Langasek
postmodern programmer

Attachment: pgpnHB7cKtNrl.pgp
Description: PGP signature

Reply to:

References:
- Re: Excessive wait for DAM - something needs to be done
  - From: tony mancill <tony@mancill.com>
- Re: Excessive wait for DAM - something needs to be done
  - From: David B Harris <david@eelf.ddts.net>

Prev by Date: Rejection of Jasvir Nagra.
Next by Date: Re: Big problem - GnuPG key deleted
Previous by thread: Re: Excessive wait for DAM - something needs to be done
Next by thread: Big problem - GnuPG key deleted
Index(es):
- Date
- Thread