two questions
Axel Thimm
Axel.Thimm at ATrpms.net
Wed Aug 8 14:15:07 UTC 2007
On Wed, Aug 08, 2007 at 11:21:36PM +1000, John Pye wrote:
> (1) after my package review, I get to add my files to CVS and build the
> package that ultimately gets into Fedora. What is to stop me from
> uploading something subtly (or even maliciously) different from the
> files that were actually reviewed?
Subtly different in the sense of having additional fixes is
OK. malicious is not. Just don't do it. ;)
Actually that's the part where the mentors step in - you earn your
trust by (hopefully) being watched by them, and if you behave well for
a couple of packages you have enough trust points gained.
--
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-maintainers/attachments/20070808/fb72cc74/attachment.sig>
More information about the Fedora-maintainers
mailing list