On Mon, 2012-02-20 at 19:50 -0500, Michael Gilbert wrote:
> But anyway, I think to get anywhere you'll need to help get Debian
> policy 2.2.1 clarified for these kinds of conditions. Then you'll be
> able to submit bugs with appropriate RC severity so they'll have to be
> handled.

Phew... changing the policy is a terrible quest ;)
And honestly, I don't think that all that is necessary can be coded in a policy. Especially as much is a best-effort thing... like getting a trust path to upstream, or if this is not possible, downloading the sources from multiple different computers, etc.

And we have many cases where maintainers would really have to patch software to prevent it from possibly doing nasty things (take all the packages with AppStore-like stuff as an example: Mozilla Add-Ons, GNOME Shell Extensions, etc.)

Cheers,
Chris.