On 9/5/22 16:54, Maxwell G via devel wrote:
> On Monday, September 5, 2022 Peter Robinson wrote:
>> it would probably be easier to join and become a packager by
>> packaging a random leaf package no one would use, then as a packager
>> pick up a random orphaned package that's in the core distro and then
>> just compromise the distro that way TBH.
>
> They wouldn't even need to pick up a core package. "Supplements: kernel" would
> get them far enough...

Only solution I know is to require review of certain changes to
package dependencies, enforced by post-build automated checks.
Not sure which changes should require such review.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
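
Added example, not part of the original thread and not Fedora's own tooling: one possible shape for the post-build check proposed above, comparing the dependency tags of the previous and the new build and flagging new `Supplements`/`Enhances` targets. The policy (which tags, and exempting the package's own names), the function names and the sample package data are all assumptions made for illustration.

```python
"""Post-build check: flag new reverse weak dependencies for human review."""

# Assumed policy (not from the thread): Supplements/Enhances let a package
# attach itself to installs of packages it does not own, so every new target
# in those tags needs a reviewer.
REVIEW_TAGS = ("Supplements", "Enhances")
RICH_OPERATORS = {"and", "or", "if", "unless", "else", "with", "without"}
COMPARISONS = {"<", "<=", "=", ">=", ">"}


def targets(dep):
    """Return the capability names referenced by one dependency expression,
    including rich (boolean) dependencies; versions are ignored."""
    names, skip_version = set(), False
    for tok in dep.split():
        tok = tok.lstrip("(")
        # Drop only the unbalanced ")" that close a rich dependency group,
        # keeping names such as "font(:lang=en)" intact.
        while tok.endswith(")") and tok.count(")") > tok.count("("):
            tok = tok[:-1]
        if skip_version:
            skip_version = False
        elif tok in COMPARISONS:
            skip_version = True
        elif tok and tok not in RICH_OPERATORS:
            names.add(tok)
    return names


def needs_review(old, new, own_names):
    """List (tag, target, expression) for targets new in this build that are
    not names provided by the package's own source package."""
    findings = []
    for tag in REVIEW_TAGS:
        before = set().union(*[targets(d) for d in old.get(tag, [])])
        for dep in new.get(tag, []):
            for name in sorted(targets(dep) - before - own_names):
                findings.append((tag, name, dep))
    return findings


# Constructed sample data, e.g. as printed by `rpm -qp --supplements` and
# `rpm -qp --enhances` for the previous and the new build of a leaf package.
OWN_NAMES = {"leafpkg", "leafpkg-core"}
OLD_BUILD = {"Supplements": [], "Enhances": []}
NEW_BUILD = {"Supplements": ["kernel"],
             "Enhances": ["(leafpkg-core and langpacks-en)"]}

if __name__ == "__main__":
    hits = needs_review(OLD_BUILD, NEW_BUILD, OWN_NAMES)
    for tag, name, dep in hits:
        print(f"REVIEW REQUIRED: new {tag} target {name!r} (from {dep!r})")
    raise SystemExit(1 if hits else 0)
```

A non-zero exit status lets a build or gating pipeline hold the update until a reviewer signs off on the listed targets.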