Ludovic Courtès schreef op ma 18-07-2022 om 10:45 [+0200]: > The model here is that users trust authorized committers. When you > think about it, there’s no way around it, because at the end of the > day, you’re installing software that an authorized committer added to > the channel.
FWIW, something I haven't seen mentioned yet is that the trust problem could be reduced by some kind of multisig system, where multiple independent persons would need to sign the commit for it to be accepted, though that might be technically hard to implement and probably be too people-time-expensive currently. Greetings, Maxime.
