On Tue, Jan 12, 2016 at 10:06:40AM -0500, Nico Kadel-Garcia wrote: >> Could we adjust the tooling so that a request for commit access is >> automatically granted if it isn't answered within three months? > That's a potential security problem. If I, for example, can get > commit access to any idle program by claiming it when the original > maintainer is most busy, with no review or doublecheck of my quality > as a new maintainer, I can commit madness on a lot of low maintenance > projects. As I understand it, your sponsor is supposed to look after your commits. > Given so many thousands of Fedora packages, it could get > fascinatingly risky, especially if I start committing intriguing > little '%post' procedures that interfere in subtle ways with other > packages. Yes - there is a risk. But the large number of ignored packages in my mind is the higher security risk. -- sven === jabber/xmpp: sven@xxxxxxxxxx -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
