
Re: [Ian Jackson <ian@chiark.greenend.org.uk>] General bug polic



On 01-Jun-99 Joey Hess wrote:
> shaleh@clifford.livenet.net wrote:
>> However I have had a bug or three closed by someone else -- for the wrong
>> package.  Most recently was an anacron bug that was closed by the ytalk
>> maint.
>> It was an accident, he fixed it the moment I told him, but it should not be
>> possible to do.
>> 
>> Now, perhaps a provision that mail from debian-qa that is signed is allowed,
>> but beyond that it is trivial to compromise our bug system currently.
> 
> Yes and it's also trivial to fix it. And there's an audit trail so you can
> see exactly what was done and by whom. We're all working on good faith here,
> unless you're worried about some third party messing with the BTS I don't
> think this holds water.
> 

Forgive me, I have worked at an ISP for too long and always see the cracker
side of things.  Currently we are pushing 500 developers and everyone says "we
trust you".  What happens when someone violates that trust?  How long will we
work to clean up the mess?  We have already had developers misuse their
accounts on the debian.org machines.

