| 1 |
On Tuesday 07 September 2004 8:14 pm, Kurt Lieber wrote: |
| 2 |
> On Tue, Sep 07, 2004 at 07:09:27PM +0200 or thereabouts, Christian Parpart |
| 3 |
wrote: |
| 4 |
> > Some questions remain anyway. WHO exactly may submit (have write access), |
| 5 |
> > and, how to get into this new idea to get a bit more attention in public? |
| 6 |
> |
| 7 |
> Well, ideally, everyone would have write access. If that freaks people out |
| 8 |
> a bit too much, then you could have some sort of cursory review process |
| 9 |
> where a group of people review ebuilds to make sure they don't have any |
| 10 |
> nastiness in them. |
| 11 |
|
| 12 |
I propose, that only commits, that are digitally signed (GnuPG ideally) go |
| 13 |
into this. So, we let the trust by the user's side, of course, *this* is, |
| 14 |
what some time before was proposed for the official portage tree as well. |
| 15 |
And, this would even need some tweakings in emerge tool to validate'n'skip |
| 16 |
the digital signature as well as select only ebuilds the user trusts on. |
| 17 |
|
| 18 |
> If you restrict who can access the system too much, then you end up where |
| 19 |
> we are now, with no net improvement. |
| 20 |
[...] |
| 21 |
|
| 22 |
I agree... s.a. |
| 23 |
|
| 24 |
so far, |
| 25 |
Christian Parpart. |
| 26 |
|
| 27 |
-- |
| 28 |
20:19:33 up 14 days, 7:59, 4 users, load average: 1.14, 1.17, 1.39 |
Archives