* Paul Tagliamonte <paultag@debian.org>, 2016-07-13, 08:32:
On Wed, Jul 13, 2016 at 12:53:28PM +0200, Michael Ole Olsen wrote:If you cannot stand behind your work with your real name, you should not be in Debian IMOI'm already starting becoming paranoid with the many new uploaders, debian has gotten large by now.No. No no no no no no no no no. Everything about this, no. No.
Yeah, Michael, you owe me a new wtf-o-meter, because the one I had kinda exploded.
Trust me, nation state actors wouldn't be coming in as "Foo123", they'd be coming in with a tight identity, with *A REAL* issued ID.
I'm not worried about state actors, because as you correctly noticed, they'd find a way to pwn us secretly if they wanted to, no matter what.
However, I am worried about lone wolves acquiring uploads rights because they enjoy watching the world burn.
I'm also worried about long-serving and initially well-meaning developers who could go rogue when they learn that we want to expel them or when they are otherwise pissed off.
And in general, we shouldn't give up on security just because we're never going to make it perfect.
-- Jakub Wilk