Re: Compromising Debian Repositories
> Does anyone involved plan to work on improving things, and then we're
> discussing where it would be best to focus their energy?
Yes, kick Kurt Roeckx from his admin privileges to start. It's the easiest, most basic thing you can do. Zero tolerance for crippling software like he did, and it should go for everyone, lest you want another scandal. He still maintains the critical package that he was either threatened or paid - probably the latter - to cripple the entropy on by the NSA, and they've had a war on randomness for a long time now. It should have been done in 2008 when it was discovered after 3 years (that long? Perhaps other heads should roll too). Don't let him resign; just remove his auth and leave his collected things in a box by the door. And not just for OpenSSL, he contributes to ntp as well. Banish them; there's a line of talented, good people who are in line to replace them.