On Wed, Aug 08, 2007 at 11:21:36PM +1000, John Pye wrote: > (1) after my package review, I get to add my files to CVS and build the > package that ultimately gets into Fedora. What is to stop me from > uploading something subtly (or even maliciously) different from the > files that were actually reviewed? Subtly different in the sense of having additional fixes is OK. malicious is not. Just don't do it. ;) Actually that's the part where the mentors step in - you earn your trust by (hopefully) being watched by them, and if you behave well for a couple of packages you have enough trust points gained. -- Axel.Thimm at ATrpms.net
Attachment:
pgp36c2SZSJQp.pgp
Description: PGP signature
-- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers
-- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
