[arch-dev-public] TU application process
eschwartz at archlinux.org
Tue Nov 6 14:28:23 UTC 2018
On 11/6/18 7:32 AM, Bartłomiej Piotrowski via arch-dev-public wrote:
>> Here again I would argue that they are devs that have [core] pushing
>> rights, as well as devs that are Master Key holders. So even if you
>> don’t want to write this black on white, this actually means a small
>> group of people have the real control over the distro (technically,
>> Master Key holders could revoke everyone else).
> You can argue, but it's simply not true. Any developer has access to
> [core]. Master key holders aren't considered any better than other
> developers besides having more duties and no one has ever refused to
> sign new TU; for every master key holder, there is someone else holding
> revocation certificate. There is no hierarchy.
I guess in addition it should be pointed out there's no technical
measure stopping *any* Dev from pushing a new keyring package that
deletes/revokes/disables all master keys and current packaging keys and
replaces the entire keyring with their own key alone. It's just yet
Bug Wrangler and Trusted User
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the arch-dev-public