Re: Status of new packages in Incoming?

[Steve Greenland <stevegr@debian.org>]

On 27-Sep-99, 00:44 (CDT), Joey Hess <joey@kitenet.net> wrote: 
> I think it should be possible to come up with a structure where ftp site
> maintainers need not be trusted. The key to doing so is making it possible
> for any change such a person makes to be logged, and reversable.
> 
> The reason I think this is possible is because of things like the Bug
> Tracking System, and CVS. Anyone can manipulate bugs in the BTS, and that's
> generally ok, because the changes they make are reversable. People routinely
> give other write access to CVS repositiories without strenuous background
> checks on them. For example, anyone who expresses the willingness to
> translate can get CVS commit access to the debian web site. With CVS, this
> isn't a problem, because if someone does something bad, it's possible to
> revert their changes. It's also possible to identify who did it and deal
> with them if they're a repeat offender.

I think the key difference is that if some one screws with the BTS or
the Debian web site, it's not going to *me* any harm during the time
it takes to discover and undo the damage. If someone installs a bad or
malicious libc6 in the archive, a buncha people could get seriously
screwed. Depending on mirror cycles and timing, I suspect it could take
*days* to completely correct the damage in the archive and its mirrors,
and who tells how long for the victims to correct their local situation.

Note that this doesn't argue against the idea of having a reversible and
logging interface to the archive, which might be a good thing anyway;
just against allowing widespread access to the archive.

-- 
Steve Greenland <vmole@swbell.net>
(Please do not CC me on mail sent to this list; I subscribe to and read
every list I post to.)