Point of reviews

Scott Kitterman ubuntu at kitterman.com
Fri May 23 16:01:43 UTC 2014


On Friday, May 23, 2014 19:54:05 Dmitry Shachnev wrote:
> On Fri, May 23, 2014 at 7:27 PM, Didier Roche <didrocks at ubuntu.com> wrote:
> >> Since CI train packages are mostly Ubuntu specific (Qt5 is
> >> somewhat unique in this regard), I'd suggest those need review in New
> >> much more than the 75% of our packages we get from Debian unmodified
> >> that have already been through New there.
> > 
> > This is the case since we had daily release and it's a bug/feature in
> > Launchpad itself.
> 
> Does this mean that anyone can bypass the NEW queue by uploading a
> package to any PPA and then copying it using copy-package?
> 
> If yes, then I would consider it a security hole.

Particularly since the list of people that can upload to the relevant PPAs is 
not constrained to Ubuntu developers.  It not only can bypass New, it can 
bypass all the normal sponsorship process.

Scott K


