On Tue, Nov 04, 2003 at 07:17:12PM -0500, Alex Pennace wrote: > A well meaning NMU to unstable can be helpful in the interim. > Naturally, submit a bug to describe the NMU; a diff is useful. If I > notice any problems I'll work with the uploader while the package is > still in unstable.
I'm confused by the concept of NMU: can anybody just arbitrarily upload a new version of a package? I have a feeling that are some controls but it seems pretty wild and wooly, and subject to abuse. The whole openness of the bug tracking system and package system seems particularly vulnerable to persons with malicious and subversive intent. Has anybody ever "attacked" the Debian process? Are there specific controls in place to prevent "attacks", or has it just never come up?