State of the archive
Donnie Berkholz
spyderous at gentoo.org
Sat Apr 29 17:09:07 PDT 2006
Daniel Stone wrote:
> The response was that an X.Org machine would continue to serve
> ftp.x.org, and that annarchy's archive would be mirrored if it was only
> writable by a very small group ('xorg-release' was the strawman). I
> don't believe that this is terribly useful: if you want to compromise
> code, it's infinitely easier to insert innocuous-looking rogue code[0]
> than to tarnish the archive.
The difference of privilege between who can commit and who can release
is absolutely meaningless unless the releaser is personally auditing
every commit.
On a more philosophical note, if you don't trust your committers, there
are more serious issues.
Thanks,
Donnie
More information about the xorg
mailing list