> they get one and only one chance to do something that stupid.

So the answer is that we have no way of preventing a developer from intentionally sabotaging a package in any / as many ways as they choose and the only risk to them is losing their uploader access after the fact?

> the response is swift: there was a debian developer wrongfully arrested for running a TOR exit node. their key was revoked immediately.

How was this incident detected?

On Mon, May 23, 2022 at 12:07 PM lkcl <luke.leigh...@gmail.com> wrote:
> On Mon, May 23, 2022 at 7:59 PM Adam McKenna <a...@flounder.net> wrote:
> > You are talking about a deterrent though. I think the question is,
> > what if someone cares more about their political cause than
> > retaining their uploader access?
>
> they get one and only one chance to do something that stupid.
>
> > What if someone's keys are compromised
>
> the response is swift: there was a debian developer wrongfully
> arrested for running a TOR exit node. their key was revoked
> immediately.
>
> l.