>>>>> "RWMJ" == Richard W M Jones <rjones@xxxxxxxxxx> writes: RWMJ> I think we'd want to consider the security implications of RWMJ> accepting packages after only automated review. New packagers would need to be sponsored and so a human would still have to be involved at some point. (At least I certainly hope that nobody is thinking of removing that step.) Existing packagers could just push a malicious change to one of the packages they already maintain; that's not a change from the current system. Now, it happens that I strongly disagree with the idea that we should let anything more than a narrowly defined set of new packages into the distribution without human review. I just don't think the security argument is one I'd use personally to argue my position. - J< _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/IMBCVRCCJQLLUQE2CNMXJZAL7RTEYO5N/
