> In fact, I think the lack of fine grained ACLs for this sort of thing
> is one part of GNOME that works better than projects that try to lock
> things down more aggressively.

Locking stuff down means reducing the attack surface (e.g. getting rid of
shell accounts) and who can write stuff to trusted repositories. It
doesn't mean contorting the release process. You just need to have the
signing policy right.

Giving everyone read access isn't a big deal, it's write access that
causes the problem - either to modify repositories or to put up fake
releases. The latter can to a fair extent be handled by enforcing the
upload be of a signed file with an appropriate signature for the
destination.

Alan
_______________________________________________
desktop-devel-list mailing list
desktop-devel-list@gnome.org
http://mail.gnome.org/mailman/listinfo/desktop-devel-list