State of the archive

Donnie Berkholz spyderous at gentoo.org
Sat Apr 29 17:09:07 PDT 2006


Daniel Stone wrote:
> The response was that an X.Org machine would continue to serve
> ftp.x.org, and that annarchy's archive would be mirrored if it was only
> writable by a very small group ('xorg-release' was the strawman).  I
> don't believe that this is terribly useful: if you want to compromise
> code, it's infinitely easier to insert innocuous-looking rogue code[0]
> than to tarnish the archive.

The difference of privilege between who can commit and who can release 
is absolutely meaningless unless the releaser is personally auditing 
every commit.

On a more philosophical note, if you don't trust your committers, there 
are more serious issues.

Thanks,
Donnie


