Warning, brain dump ahead...

We want lots of packages
We want lots of maintainers
We want to make it easy for maintainers to collaborate
We also want secure packages

One of the nagging questions is: how do we keep things as open as possible while ensuring that no malicious/bad edits are planted in packages.

We can put controls at three points:
1. at the SCM level, with ACLs
2. at the build level, with a proper package database
3. at the package signing stage

1 is maybe a bit premature. SCM is nice in the way that it's easy to know who changed what, and bad things can be undone easily. It's also completely private: no external user is affected if a bad change temporarily enters the SCM. When collaborating, it's nice to just be able to say to your friend maintainer: "just commit your change to the SCM".

2 might be a good point to make checks. Effects of builds are semi-private: newly built packages are available to the buildsys to build further packages, and could have potential impact on packages released to our users. It'd need fine grained controls in the package database though, and must work in a completely automated way.

3 is the last chance before the package is released unto the world. The nice thing is that this step is performed by a real person, who can use her/his better judgement to decide whether or not to sign a package. The risk is that the task becomes complicated and burdensome...

Ah well, time to go get some sleep.

Cheers,
Christian