Giving upload rights to non-Ubuntu members
Jeremy Bicha
jbicha at ubuntu.com
Thu Jul 25 01:31:34 UTC 2013
On 24 July 2013 21:17, Mark Shuttleworth <mark at ubuntu.com> wrote:
> My main thought was that we always want to ensure that there are active
> forces steering things in the right direction. My concern would be, if a
> person 'leads' a packageset and gives another person permission to
> upload, who then drifts away, that we may be vulnerable to a social
> attack if their keys were compromised.
I'm afraid I don't understand your theoretical scenario. I don't
understand how giving upload rights to a few more vetted Debian or
upstream developers to packages that they already control puts Ubuntu
at a noticeably higher level of risk.
The Forums hack seems to have
> been exactly this - one admin gave another access years ago, and then
> that'caused an issue today.
Uh, that's the first I've heard that information.
Jeremy
More information about the technical-board
mailing list