On Sun, Oct 16, 2022 at 01:06:23PM +0900, Charles Plessy wrote: > Le Wed, Oct 12, 2022 at 12:14:35AM +0000, Scott Kitterman a écrit : > > > > What fraction of security issues we've had in Debian do you think > > narrower upload permissions would have prevented? > > Exactly zero. But my comment is not about the past, it is about the > future. > > I think that a proper risk assessment would be worth doing, an I also > think that this mailing list is not a proper place for doing it, not > because of secrecy but because of noise and lack of focus. Discussing > the conclusions here would of course be important. > > On my side, I would be fine if my upload key would be restricted to the > packages that me and my packaging team maintain. I am very unlikely to > need archive-wide privileges in the near future.
Being a frequent participant of a Bug Squashing Party and also general active on sponsoring, restriction to upload privilieges will likely impair my ability to contribute to Debian in this areas. -- tobi
