On Wed, Jan 26, 2022 at 11:43 AM Adam Borowski <kilob...@angband.pl> wrote: > > On Tue, Jan 25, 2022 at 09:38:01PM +0100, Vincent Bernat wrote: > > > > I think we should forego the NEW queue. If people want to check > > packages, they can do it once they are in unstable with regular bugs. > > Without the NEW queue, there would be no point at which packaging receives > any sort of review. I'd prefer Debian to deliver at least some level of > quality. > > Otherwise, we'd fall to the level of NPM. And there's ample examples what > that would mean.
I disagree with the comparison to NPM. Simply because not everyone can upload - you have to be DD or DM to do that, which means you have to go through a non-trivial process where it is checked that you know what you do. As of right now, a malicious acting DD can already upload harmful packages without NEW stopping this at all. Regards, Stephan