On Thu, Jul 17, 2003 at 01:23:46AM -0400, David B Harris wrote:
> This would certainly stop a malcontent from putting a trojan in a very
> popular package that's run as root (I like the OpenSSH example), but in
> reality that's already the case. NMUs are noticed quite quickly, and
> anything suspicious (especially for a package like that) will get pulled
> out of the queue until the situation can be clarified.

Combining the current MIA problem with this subsequent lack of NM vetting,
I wouldn't bet on us catching a well-placed, malicious NMU before it was
too late. The NM process is still important.

--
Steve Langasek
postmodern programmer