On Mon, Jul 30, 2007 at 11:32:12AM +0200, Marc 'HE' Brockschmidt wrote: > Kalle Kivimaa <killer@debian.org> writes: > > Marc 'HE' Brockschmidt <he@ftwca.de> writes: > >> (2) As soon as someone is in the DM keyring, a DD can give him > >> upload rights for virtually every package by adding the DM to > >> the Uploaders field and adding the DM-Upload-Allowed field. > > If there is a malicious DD who wants to do that, what would stop that > > DD from creating an automated system that accepts packages from the > > DM, signs them and sends them into the upload queue? > I'm not saying that the DD is malicious, but simply a moron. That > happens more often, really. If there are really that many DDs that are morons that they need to be dealt with by policy, n-m isn't doing its job. Cheers, aj
Attachment:
signature.asc
Description: Digital signature