On 24 July 2013 21:17, Mark Shuttleworth <m...@ubuntu.com> wrote: > My main thought was that we always want to ensure that there are active > forces steering things in the right direction. My concern would be, if a > person 'leads' a packageset and gives another person permission to > upload, who then drifts away, that we may be vulnerable to a social > attack if their keys were compromised.
I'm afraid I don't understand your theoretical scenario. I don't understand how giving upload rights to a few more vetted Debian or upstream developers to packages that they already control puts Ubuntu at a noticeably higher level of risk. The Forums hack seems to have > been exactly this - one admin gave another access years ago, and then > that'caused an issue today. Uh, that's the first I've heard that information. Jeremy -- technical-board mailing list technical-board@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/technical-board
