Hi, * Johannes Schauer Marin Rodrigues <josch@debian.org> [2022-10-12 10:49]:
If I understand what you write correctly, then you propose to put into place a technical barrier for uploading other people's packages. But that will not reduce the ownership (or hegemony) of developers over their packages and thus not address the problems that were identified.
This is my understanding as well, and I agree that Didier's proposal attempts to solve a very different problem. If we are looking for ways to limit the amount of damage any individual DD can do (be it inadvertently or maliciously), wouldn't it be better to assume that it *can* happen, no matter how hard we try to prevent it, and have some ultima ratio available to undo the damage? For example, roll back unstable by 24 hours from snapshot.d.o? Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭────────────────────────────────────────────────────╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄⠀⠀⠀⠀ ╰────────────────────────────────────────────────────╯
Attachment:
signature.asc
Description: PGP signature