Adam Williamson wrote:
> Really? I don't think there's *that* many cases where a negative piece
> of karma is filed between the submission and the push which you'd want
> to ignore.
I think there are actually very many. We get a lot of invalid -1 votes for
KDE updates (issues which have been there for ages, issues which have been
caused by a completely unrelated update which happened to hit testing or
stable at the same time) etc.
It'd also open the doors to effectively DoS updates.
> And even in the rare cases when that happens, if we warn or even unsubmit
> the update, it's not like you can't do anything about it. If we make it a
> warning...ignore the warning. If we make it withdraw the update...just
> submit it again. I'm having a hard time seeing that fall apart.
It means that a well-timed -1 can cause the update to miss the push (which
is already a forced delay and thus a form of DoS), then it can be done again
at the next push, ad infinitum, instant DoS.
> I don't really mind requiring bug numbers for negative karma (though, if
> anything, I reckon that'd have *more* problematic corner cases in
> itself). But I'm not sure it's really necessary for this.
I think it actually won't solve the problem at hand. The bug pointed to
might not actually be caused by the update (see the first paragraph), or it
could even be a dummy bug filed by a malicious DoSer.
Kevin Kofler
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
