[arch-dev-public] Junior developers and [staging]

Pierre Schmitz pierre at archlinux.de
Sun Sep 5 06:36:08 EDT 2010

On Sun, 05 Sep 2010 10:53:59 +0200, Thomas Bächler
<thomas at archlinux.org> wrote:
> The presence of the file in the pool is not good enough. An evil
> developer could delete the file from the pool, then commit his own
> package.

If you are evil you could still mess up with the repo by bypassing
dbscripts. There is no point in assuming that there are evil developers.

> dbscripts should probably check whether a package with the same
> pkgname-pkgver-pkgrel triple is already in any other repository and then
> allow/deny adding it.

That is a plan.

Pierre Schmitz, https://users.archlinux.de/~pierre

More information about the arch-dev-public mailing list