On Sat, 2006-08-05 at 01:15 +0200, Christian Iseli wrote:
>
> One of the nagging questions is: how do we keep things as open as
> possible while ensuring that no malicious/bad edits are planted in
> packages.
>
> We can put controls at three points:
> 1. at the SCM level, with ACLs
> 2. at the build level, with a proper package database
> 3. at the package signing stage

* Minimal ACLs on SCM, so any authenticated user can commit changes to
  any package. I'd recommend however ACLs to keep the directory
  structure organized though.

* However, emails are generated directly to all maintainers of a
  particular area. That way unauthorized changes get noticed faster by
  the maintainers.

* Builds can be initiated only by package maintainers and the security
  team (so that security fixes can be pushed out quickly). The security
  team would keep changes to the minimum necessary to resolve a
  security problem.

* Before a build is initiated, the initiator would have to "approve"
  somehow all of the changes made by non-maintainers. Not quite sure
  how this would work, esp. given the need to track reversions of
  unapproved changes.
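Added example, not part of the original message or of any project's build system: one possible shape for the build gate in the last two bullets, including reversions of unapproved changes. The `Commit` record, the function names and the sample history are assumptions; a revert only cancels its target when the revert itself is by a maintainer or approved, since the `reverts` field of an unreviewed commit cannot be trusted.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Commit:
    id: str
    author: str
    reverts: Optional[str] = None   # id of the commit this one undoes, if any

def pending_approvals(commits, maintainers, approved):
    """Ids of still-effective non-maintainer commits lacking approval.

    commits: oldest first, everything committed since the last build.
    """
    cancelled, pending = set(), []
    for c in reversed(commits):              # walk newest first
        if c.id in cancelled:
            continue                         # undone later: nothing to approve,
                                             # and any revert it carried is void
        trusted = c.author in maintainers or c.id in approved
        if not trusted:
            pending.append(c.id)             # needs the initiator's approval
        elif c.reverts:
            cancelled.add(c.reverts)         # trusted revert cancels its target
    return pending[::-1]                     # report oldest first

def may_build(initiator, commits, maintainers, security_team, approved):
    """Return (allowed, blockers) for a build request."""
    if initiator not in maintainers | security_team:
        return False, ["initiator may not start builds"]
    pending = pending_approvals(commits, maintainers, approved)
    return not pending, pending

# Constructed sample history for one package (not real data).
MAINTAINERS = {"alice"}
SECURITY_TEAM = {"sec-bob"}
HISTORY = [
    Commit("c1", "alice"),
    Commit("c2", "mallory"),                 # unapproved, later reverted
    Commit("c3", "alice", reverts="c2"),     # maintainer revert: c2 drops out
    Commit("c4", "dave"),                    # approved below
    Commit("c5", "carol"),                   # unapproved
    Commit("c6", "erin", reverts="c5"),      # unapproved revert: both stay pending
]

if __name__ == "__main__":
    print(may_build("alice", HISTORY, MAINTAINERS, SECURITY_TEAM, {"c4"}))
    print(may_build("sec-bob", HISTORY, MAINTAINERS, SECURITY_TEAM, {"c4", "c6"}))
```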