
Re: Suggestion: Time limit for NM process



Daniel Baummann wrote:
>> Have a look at cacert:
>> every member has some privilege and it works fine. My opinion is the
>> following:
>
> CACert and Debian are two completely different things.

They're not. CACert has a feature similar to the DAM: they have several
core people who are allowed to revoke assurances, if a leaf of the web of
trust has been polluted. I once spoke to one of the founding members and this
wasn't necessary yet. (With >75k participants currently)

> If you play Mr. Evil in CAcert, you compromise a *limited* amount of its
> web-of-trust. If you play Bastard Debian Developer from Hell, you affect
> *all* Debian machines at once, being Debian Developer means practically
> to be root on over 30 million machines in the world.

That's a straw man argument. As a new developer you'll hardly be maintaining
a core package and the NM process has no mitigations against malicious
DDs-to-be. An attacker wouldn't need to go through NM anyway; archive integrity
can easily be attacked through sponsored uploads as well.

Cheers,
        Moritz


