Re: Evolving away from source package realms
Le Wed, Oct 12, 2022 at 12:14:35AM +0000, Scott Kitterman a écrit :
>
> What fraction of security issues we've had in Debian do you think
> narrower upload permissions would have prevented?
Exactly zero. But my comment is not about the past, it is about the
future.
I think that a proper risk assessment would be worth doing, an I also
think that this mailing list is not a proper place for doing it, not
because of secrecy but because of noise and lack of focus. Discussing
the conclusions here would of course be important.
On my side, I would be fine if my upload key would be restricted to the
packages that me and my packaging team maintain. I am very unlikely to
need archive-wide privileges in the near future.
Have a nice Sunday,
Charles
--
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med
Tooting from work, https://mastodon.technology/@charles_plessy
Tooting from home, https://framapiaf.org/@charles_plessy
Reply to: