* martin f. krafft: > Every additional member with write access to the archive is an > additional threat to the integrity of the archive in case of > a developer gone bad or a compromised key;
If I wanted to hurt Debian users, I'd become a mirror admin. The damage potential is far higher, and there is some potential for hiding the breach for quite some time. Unauthorized package uploads are more likely to be spotted. Building backdoors into your own package is not very effective because there are only few widely-installed packages. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
