From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Fog7E-0000yu-EC for garchives@archives.gentoo.org; Fri, 09 Jun 2006 12:29:28 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k59CRxW8030416; Fri, 9 Jun 2006 12:27:59 GMT Received: from smtp-out2.blueyonder.co.uk (smtp-out2.blueyonder.co.uk [195.188.213.5]) by robin.gentoo.org (8.13.6/8.13.6) with ESMTP id k59CM8D4020570 for ; Fri, 9 Jun 2006 12:22:09 GMT Received: from [172.23.170.136] (helo=anti-virus01-07) by smtp-out2.blueyonder.co.uk with smtp (Exim 4.52) id 1Fog08-0005iS-Ir for gentoo-dev@lists.gentoo.org; Fri, 09 Jun 2006 13:22:08 +0100 Received: from [213.121.151.206] (helo=snowdrop.home) by asmtp-out2.blueyonder.co.uk with esmtpa (Exim 4.52) id 1Fog05-0001hv-0e for gentoo-dev@lists.gentoo.org; Fri, 09 Jun 2006 13:22:05 +0100 Date: Fri, 9 Jun 2006 13:21:26 +0100 From: Ciaran McCreesh To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Re: [ANNOUNCE] Project Sunrise - Gentoo User Overlay Message-ID: <20060609132126.75ed1a7d@snowdrop.home> In-Reply-To: <623652d50606090305u6d4c4e05i7d02810829a39fdc@mail.gmail.com> References: <1149838855.32541.28.camel@capella.catmur.co.uk> <623652d50606090305u6d4c4e05i7d02810829a39fdc@mail.gmail.com> X-Mailer: Sylpheed-Claws 2.3.0-rc3 (GTK+ 2.8.18; i686-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Archives-Salt: 3311f871-0358-487f-9296-a94f652f57c9 X-Archives-Hash: 728afb92374efb51ca94e84288174b58 On Fri, 9 Jun 2006 11:05:56 +0100 "Chris Bainbridge" wrote: | On 09/06/06, Edward Catmur wrote: | > And what if they do know what they're doing, and what they're doing | > is subverting Gentoo systems en masse? You're proposing to hand out | > commit access to anyone who makes a case on IRC; you have no way to | > tell that they aren't an attacker. | | This is the way the system currently works. I'm sure any decent | motivated hacker would be able to fix a few ebuilds, hang out on irc, | do the quiz, and gain cvs commit access. There are no identity checks | when you become a gentoo developer; it's all about reputation. And in theory, you have to build up quite a bit more of a reputation and talk to quite a few people and have your dev application seen and commented upon by existing developers who can have it cancelled if they deem it inappropriate, which is quite a bit harder to do than what is being proposed here. Of course, the practice is, uh, somewhat lacking of late... -- Ciaran McCreesh Mail : ciaran dot mccreesh at blueyonder.co.uk -- gentoo-dev@gentoo.org mailing list