Luca Boccassi <bl...@debian.org> writes: > As per the security review just shared, admin access to Salsa allows > to push commits anyway which would get uploaded just the same,
I'm not sure that I understand what you're saying here, but if I did understand this correctly, no, this is not correct. My security review says the exact opposite of this: admin access to Salsa does not allow you to bypass the tag2upload checks or upload a source package. -- Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>
