
Package database, SCM, ACLs, co-maintainership, and all that stuff



Warning, brain dump ahead...

We want lots of packages

We want lots of maintainers

We want to make it easy for maintainers to collaborate

We also want secure packages

One of the nagging questions is: how do we keep things as open as
possible while ensuring that no malicious/bad edits are planted in
packages.

We can put controls at three points:
1. at the SCM level, with ACLs
2. at the build level, with a proper package database
3. at the package signing stage

1 is maybe a bit premature.  SCM is nice in the way that it's easy to
know who changed what, and bad things can be undone easily.  It's also
completely private: no external user is affected if a bad change
temporarily enters the SCM.  When collaborating, it's nice to just be
able to say to your friend maintainer: "just commit your change to the
SCM".

2 might be a good point to make checks.  Effects of builds are
semi-private: newly built packages are available to the buildsys to
build further packages, and could have potential impact on packages
released to our users.  It'd need fine-grained controls in the package
database though, and must work in a completely automated way.

3 is the last chance before the package is released unto the world.
The nice thing is that this step is performed by a real person, who can
use her/his better judgement to decide whether or not to sign a
package.  The risk is that the task becomes complicated and
burdensome...

Ah well, time to go get some sleep.

Cheers,
					Christian

