From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1FolTV-0001On-Gk for garchives@archives.gentoo.org; Fri, 09 Jun 2006 18:12:50 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k59IBEhS007775; Fri, 9 Jun 2006 18:11:16 GMT Received: from smtp-out3.blueyonder.co.uk (smtp-out3.blueyonder.co.uk [195.188.213.6]) by robin.gentoo.org (8.13.6/8.13.6) with ESMTP id k59I6qGO003095 for ; Fri, 9 Jun 2006 18:06:52 GMT Received: from [172.23.170.138] (helo=anti-virus01-09) by smtp-out3.blueyonder.co.uk with smtp (Exim 4.52) id 1FolNk-0000Uj-B7 for gentoo-dev@lists.gentoo.org; Fri, 09 Jun 2006 19:06:52 +0100 Received: from [80.235.134.226] (helo=[10.0.1.6]) by asmtp-out4.blueyonder.co.uk with esmtp (Exim 4.52) id 1FolNj-0007s4-OF for gentoo-dev@lists.gentoo.org; Fri, 09 Jun 2006 19:06:51 +0100 Subject: Re: [gentoo-dev] Project Sunrise thread -- a try of clarification From: Christel Dahlskjaer To: gentoo-dev@lists.gentoo.org In-Reply-To: <20060609020834.35d7c6f4@snowdrop.home> References: <44887368.9030302@gentoo.org> <1149803837.19443.101.camel@cgianelloni.nuvox.net> <4488A4F3.5060908@gentoo.org> <1149811589.19102.23.camel@vertigo.twi-31o2.org> <4488C58A.5060205@gentoo.org> <20060609020834.35d7c6f4@snowdrop.home> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-rSRFHx7O6dHG927X3glT" Date: Fri, 09 Jun 2006 20:06:04 +0100 Message-Id: <1149879964.4234.37.camel@gaspode> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.4.2.1 X-Archives-Salt: 5ffe3277-6852-44b2-be29-8e2d070050c8 X-Archives-Hash: 2aa6db3406dbbadb407e74bd7582449e --=-rSRFHx7O6dHG927X3glT Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2006-06-09 at 02:08 +0100, Ciaran McCreesh wrote: > On Fri, 09 Jun 2006 02:49:14 +0200 Markus Ullmann > wrote: > | > No. It clearly says that you would be doing the basic QA checks and > | > repoman checking on initial commit. You even said it right above > | > where I commented! > |=20 > | You're doing some witch hunting here... I said we keep an eye on > | non-devs commits. >=20 > How much do you want to bet that I couldn't sneak malicious code past > you? >=20 > And if you accept that I could do it, you're also admitting that quite > a few other random people, some of whom don't share my own ethical > objections to such a stunt, could also pull it off given sufficient > time and effort... I'd say that it's entirely possibly for some non-dev to sneak malicious code into the tree as is now, just as it will be possible to do in an overlay. =20 It's not like it's particulary difficult to have someone proxy for you, and let's face it, if someone is willing to do so then they probably can't be arsed checking that what they are committing is clean and nice.. I mean, I trust you, right?=20 --=-rSRFHx7O6dHG927X3glT Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQBEicac0WARHgC5cN0RAsskAJwM9FAz7BetrPtEklLGSXlSkLbJ5ACfY4l4 cpp8v/GCMf55j17aFNfa6hE= =a7lS -----END PGP SIGNATURE----- --=-rSRFHx7O6dHG927X3glT-- -- gentoo-dev@gentoo.org mailing list