Re: Bits from the DAMs

* martin f. krafft:

> Every additional member with write access to the archive is an
> additional threat to the integrity of the archive in case of
> a developer gone bad or a compromised key;

If I wanted to hurt Debian users, I'd become a mirror admin.  The
damage potential is far higher, and there is some potential for hiding
the breach for quite some time.  Unauthorized package uploads are more
likely to be spotted.  Building backdoors into your own package is not
very effective because there are only a few widely-installed packages.
