On Wed, 2013-05-08 at 17:53 -0400, Joey Hess wrote: > There's nothing stopping you filing a release critical bug > against any package that does this. I do it whenever I notice > something doing that. Obviously :)
The thing is just... we need a way (at least at a social level) to prevent this from happen in the first place... Not sure it it's already forbidden by the policy, but on the other hand, I doubt every developer always knows all parts of the policy by hard. Perhaps one should have a "Security Guidlines for Packaging" or so :) Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
