1 |
On Fri, 9 Jun 2006 11:05:56 +0100 "Chris Bainbridge" |
2 |
<chris.bainbridge@×××××.com> wrote: |
3 |
| On 09/06/06, Edward Catmur <ed@×××××××××.uk> wrote: |
4 |
| > And what if they do know what they're doing, and what they're doing |
5 |
| > is subverting Gentoo systems en masse? You're proposing to hand out |
6 |
| > commit access to anyone who makes a case on IRC; you have no way to |
7 |
| > tell that they aren't an attacker. |
8 |
| |
9 |
| This is the way the system currently works. I'm sure any decent |
10 |
| motivated hacker would be able to fix a few ebuilds, hang out on irc, |
11 |
| do the quiz, and gain cvs commit access. There are no identity checks |
12 |
| when you become a gentoo developer; it's all about reputation. |
13 |
|
14 |
And in theory, you have to build up quite a bit more of a reputation |
15 |
and talk to quite a few people and have your dev application seen and |
16 |
commented upon by existing developers who can have it cancelled if they |
17 |
deem it inappropriate, which is quite a bit harder to do than what is |
18 |
being proposed here. Of course, the practice is, uh, somewhat lacking |
19 |
of late... |
20 |
|
21 |
-- |
22 |
Ciaran McCreesh |
23 |
Mail : ciaran dot mccreesh at blueyonder.co.uk |
24 |
|
25 |
|
26 |
-- |
27 |
gentoo-dev@g.o mailing list |