[clc-devel] Ports reorganisation?

Johannes Winkelmann jw at tks6.net
Sat Jan 10 12:33:54 UTC 2004


Hi,

On Fri, Jan 09, 2004 at 13:29:38 +0100, Tilo Riemer wrote:
> Hello,
> 
> > I've discussed with Jürgen and Martin regarding unmaintained, and I now
> > think that we should keep it and define a procedure to allow submission
> > of changes back to it. This is because of the higher level of trust
> > because someone from CLC at least _looked_ at it ("many eyes" as Martin
> > called this). IMHO this is a very good argument.
> > The important thing here is to make sure that applying submitted changes
> > is really simple and that a lot of checks are done by scripts (e.g.
> > footprints).
> 
> Who should be able to submit changes? If someone can change Pkgfile he
> should also be able to change footprints. And he could replace a link with a
> link pointing at a backdoor...
Yeah, that's very true. It's still a lot better if it's reviewed, right?
I consider it an improvement if someone independent had a look at it
compared to just using the same port from someone's httpup repo. It's
just a higher level of trust, not a perfect secure solution.

Regards, Johannes
-- 
Johannes Winkelmann              mailto:jw at tks6.net
Biel, Switzerland                http://jw.tks6.net



More information about the crux-devel mailing list