| 1 |
On Fri, 9 Jun 2006 11:05:56 +0100 "Chris Bainbridge" |
| 2 |
<chris.bainbridge@×××××.com> wrote: |
| 3 |
| On 09/06/06, Edward Catmur <ed@×××××××××.uk> wrote: |
| 4 |
| > And what if they do know what they're doing, and what they're doing |
| 5 |
| > is subverting Gentoo systems en masse? You're proposing to hand out |
| 6 |
| > commit access to anyone who makes a case on IRC; you have no way to |
| 7 |
| > tell that they aren't an attacker. |
| 8 |
| |
| 9 |
| This is the way the system currently works. I'm sure any decent |
| 10 |
| motivated hacker would be able to fix a few ebuilds, hang out on irc, |
| 11 |
| do the quiz, and gain cvs commit access. There are no identity checks |
| 12 |
| when you become a gentoo developer; it's all about reputation. |
| 13 |
|
| 14 |
And in theory, you have to build up quite a bit more of a reputation |
| 15 |
and talk to quite a few people and have your dev application seen and |
| 16 |
commented upon by existing developers who can have it cancelled if they |
| 17 |
deem it inappropriate, which is quite a bit harder to do than what is |
| 18 |
being proposed here. Of course, the practice is, uh, somewhat lacking |
| 19 |
of late... |
| 20 |
|
| 21 |
-- |
| 22 |
Ciaran McCreesh |
| 23 |
Mail : ciaran dot mccreesh at blueyonder.co.uk |
| 24 |
|
| 25 |
|
| 26 |
-- |
| 27 |
gentoo-dev@g.o mailing list |
Archives