Re: Evolving away from source package realms

[Charles Plessy <plessy@debian.org>]

Le Wed, Oct 12, 2022 at 12:14:35AM +0000, Scott Kitterman a écrit :
> 
> What fraction of security issues we've had in Debian do you think
> narrower upload permissions would have prevented?

Exactly zero.  But my comment is not about the past, it is about the
future.

I think that a proper risk assessment would be worth doing, an I also
think that this mailing list is not a proper place for doing it, not
because of secrecy but because of noise and lack of focus.  Discussing
the conclusions here would of course be important.

On my side, I would be fine if my upload key would be restricted to the
packages that me and my packaging team maintain.  I am very unlikely to
need archive-wide privileges in the near future.

Have a nice Sunday,

Charles

-- 
Charles Plessy                         Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team         http://www.debian.org/devel/debian-med
Tooting from work,           https://mastodon.technology/@charles_plessy
Tooting from home,                 https://framapiaf.org/@charles_plessy