[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Plan for tomorrows (20070816) FESCO meeting



On 16.08.2007 00:42, Brian Pepple wrote:
> On Wed, 2007-08-15 at 14:56 -0700, Toshio Kuratomi wrote:
>> On 8/15/07, Brian Pepple <bpepple fedoraproject org> wrote:
>>
>>> You want something to be discussed? Send a note to the list in reply to
>>> this mail and I'll add it to the schedule (I can't promise we will get
>>> to it tomorrow, but we'll most likely will if we don't run out of time).
>>> You can also propose topics in the meeting while it is in the "Free
>>> discussion around Fedora" phase.
>> 1) Should the default policy for new packages (for now) be open to
>> cvsextras commits or open to owner only?
> 
> Toshio, thanks for reminding me.  Knew I forgot something to add to the
> schedule. ;)

Something related to this: I'd like to open my packages by default for
sponsors and a (not-yet-existent group) long-term-contributors(¹). Could
FESCo consider making something like this possible?

Reasons for that wish: I have no problem with other people modifying my
packages (²), but I think the risk of opening lots of packages in CVS
for alls cvs_extras members is to high, as it's not that hard for a
malicious attacker to get sponsored (site note: especially as the "hit
CTRL + C at the right moment and non or and incomplete commit message
gets send" problems is still not solved and thus it's not that hard to
modify something in CVS without being noticed early enough).

CU
knurd

(¹) -- long-term in this case maybe defined as something like this:
people that have at least ten packages or have three packages and are
around for at least one year

(²) -- as I said in the past now and then already: I still like us to
see a more wiki-like approach where modifying other peoples packages is
not frowned upon as it is currently


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]