[arch-general] Is Voting Effective?
Alex Jordan
alexander3223098 at gmail.com
Sun Apr 13 04:28:07 EDT 2014
On Apr 11, 2014 4:45 PM, "Taylor Hornby" <havoc at defuse.ca> wrote:
> I'm saying: A single trusted person blindly building and singing
> packages is more secure than everyone blindly building and signing
> packages.
As others have said: users should not be blindly building and installing
packages. Friendly reminder that install scriptlets run as root with no
restrictions.
> Would it really be that much? How do other distributions manage it?
Yes, it would be that much. Other distributions manage it by either having
much, much larger communities than us (e.g. Debian), and thus much more
potential donators, or by having corporate backing (e.g. Ubuntu, Fedora).
More information about the arch-general
mailing list