On Tue, Sep 27, 2011 at 11:41:04AM -0400, Stephen Leake wrote:
> >>> Any maintainer can make his package Build-Depend on gnat, or imitate
> >>> a shared library to fake whatever automatic test I can imagine.
> >>
> >> I think you are implying that Bad Things Can Happen if this rule is
> >> accepted; can you be more explicit?
> >>
> >> For example, how would a malicious DM get malicious code uploaded by
> >> this rule, that they can't do now?
> >
> > I think the danger that DM status prevents is that a malicious DM
> > hijack a package that they don't own. There are strict rules for
> > non-maintainer uploads; DMs simply cannot do NMUs. I think your
> > proposed rule would make it much easier for a DM to hijack a package
> > without a formal NMU, e.g. by renaming one of their binary packages to
> > a package that already exists.
>
> The proposed rule says the new name has to differ from the old name by
> only a number change, so I don't see how this is possible.

Allowing me to upload grub, mplayer, gcc-4.4, mpg123 is not the same as
allowing me to upload grub2, mplayer2, gcc-4.6, mpg321.

More generally, I could become a burden to the ftpmasters by uploading
too many packages in the NEW queue.

Archive: http://lists.debian.org/20110927170421.GA2491@pegase
