1 |
On Fri, 2006-06-09 at 20:32 +0100, Ciaran McCreesh wrote: |
2 |
> On Fri, 09 Jun 2006 20:06:04 +0100 Christel Dahlskjaer |
3 |
> <christel@g.o> wrote: |
4 |
> | I'd say that it's entirely possibly for some non-dev to sneak |
5 |
> | malicious code into the tree as is now, just as it will be possible |
6 |
> | to do in an overlay. |
7 |
> | |
8 |
> | It's not like it's particulary difficult to have someone proxy for |
9 |
> | you, and let's face it, if someone is willing to do so then they |
10 |
> | probably can't be arsed checking that what they are committing is |
11 |
> | clean and nice.. I mean, I trust you, right? |
12 |
> |
13 |
> Huge difference between committing a few things for a person you know, |
14 |
> where you have time to review code, and bulk committing random stuff |
15 |
> where you don't have time to check anything. That's the deal here -- if |
16 |
> a large number of developers can't handle maintainer-wanted, what makes |
17 |
> people think a far smaller number can without screwing up? |
18 |
|
19 |
I was actually agreeing with you. |
20 |
|
21 |
I also believe to be mistaken as I believed that all overlays on o.g.o |
22 |
would be in the style of say the existing PHP and Haskell overlays, and |
23 |
as such those with access would be trusted contributors, and I also |
24 |
believed that the individual projects would be making sure that they |
25 |
were testing and reviewing whatever patches were made to their stuff. |