[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Excessive wait for DAM - something needs to be done



On Thu, Jul 17, 2003 at 01:23:46AM -0400, David B Harris wrote:

> This would certainly stop a malcontent from putting a trojan in a very
> popular package that's run as root (I like the OpenSSH example), but in
> reality that's already the case. NMUs are noticed quite quickly, and
> anything suspicious (especially for a package like that) will get pulled
> out of the queue until the situation can be clarified.

Combining the current MIA problem with this subsequent lack of NM
vetting, I wouldn't bet on us catching a well-placed, malicious NMU
before it was too late.  The NM process is still important.

-- 
Steve Langasek
postmodern programmer

Attachment: pgprCTIozd_N0.pgp
Description: PGP signature


Reply to: