[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Membership

On Saturday 14 March 2009, Matthew Johnson wrote:
> Being part of the project, particularly with upload rights, is
> something I believe _should_ be difficult. This restriction on access
> to the archive is one of our strengths, it gives us a higher quality of
> packaging (yes, there are exceptions, but they should be the exception,
> not the rule) than would otherwise be possible.

The effort needed to go through the NM procedure also has an IMO import 
security aspect: it's quite unlikely that a "black hat" would be willing 
to make that effort to get in a position where (s)he could introduce 
trojaned packages into the archive.

We should not delude ourselves that we could compensate for that by more 
review or whatever if the entry barrier is lowered. IMO any proposals for 
relaxation of the entry requirements, especially to give full upload 
access, should take this aspect into account.


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: