On Thu, Jan 29, 2009 at 7:12 PM, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote: > drago01 wrote: >> Did it ever happen that a "provenpackager" or any packager in the days >> of open ACLs cause any real damage to packages (not owned by him)? >> I am not aware of any such cases, it seems to me that we are trying to >> solve a non existing problem. > > It's mostly just paranoia, as always when the 's' word ("security") is > involved. > > IMHO, all packages should have open ACLs, with no exceptions (yes, even the > kernel!), and I don't think we should make it as hard to get into > provenpackager as some people are suggesting (10 to 15 sponsors needed, > WTF?). +1 P.S: reading this from you was unexpected but nice to see, considering that you answered my question why most of the core KDE packages have closed ACLs (is this still the case?) you said "because the KDE SIG is already doing a good job" (which is no reason why other people should not be allowed to do a good job too ;) ) -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list