On Fri, 9 Jun 2006 11:05:56 +0100 "Chris Bainbridge" <[EMAIL PROTECTED]> wrote: | On 09/06/06, Edward Catmur <[EMAIL PROTECTED]> wrote: | > And what if they do know what they're doing, and what they're doing | > is subverting Gentoo systems en masse? You're proposing to hand out | > commit access to anyone who makes a case on IRC; you have no way to | > tell that they aren't an attacker. | | This is the way the system currently works. I'm sure any decent | motivated hacker would be able to fix a few ebuilds, hang out on irc, | do the quiz, and gain cvs commit access. There are no identity checks | when you become a gentoo developer; it's all about reputation.
And in theory, you have to build up quite a bit more of a reputation and talk to quite a few people and have your dev application seen and commented upon by existing developers who can have it cancelled if they deem it inappropriate, which is quite a bit harder to do than what is being proposed here. Of course, the practice is, uh, somewhat lacking of late... -- Ciaran McCreesh Mail : ciaran dot mccreesh at blueyonder.co.uk -- gentoo-dev@gentoo.org mailing list
