The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: new maintainers

To: Herbert Xu <herbert@greathan.apana.org.au>
Subject: Re: new maintainers
From: Jim Pick <jim@jimpick.com>
Date: Thu, 20 Mar 1997 10:29:14 -0800
Cc: Bruce Perens <bruce@pixar.com>, debian-private@lists.debian.org
In-reply-to: Your message of "Thu, 20 Mar 1997 21:08:41 +1100." <33310CBD.33426A4@greathan.apana.org.au>
Resent-cc: recipient list not shown: ;
Resent-date: 20 Mar 1997 18:31:37 -0000
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"kr6XB.0.rG1.9AOCp"@debian>
Resent-sender: debian-private-request@lists.debian.org

> Bruce Perens wrote:
> > 
> > There are a good many people who aren't going to take the need for
> > screening seriously until something happens, and then we will look very
> > bad and people will have their systems damaged and they will never trust us
> > again. I'm trying to avoid that, but I doubt I'll be able to. We need to
> 
> I don't understand.  Why can't we simply disallow maintainers from
> uploading files to released releases or frozen? Isn't unstable supposed
> to be unstable?

Yes!

Let's do that "testing" thing.  If someone slips in a trojan horse, it'll nuke
the tester's machines.  Of course, if someone volunteers to be a tester, 
they'll make it a point to keep backups.  No harm done.

If somebody tries to slip something more insiduous through, we've got a
problem.  I don't view this as being an extremely likely scenario --
we're not a target like Microsoft is -- but it is possible.  But if we
demand that packages be signed (and we check the signatures), we can
trace the damage back to the source -- and proceed with criminal charges.

I don't see any reason to go into extremely intrusive background checks
(ie. credit ratings) -- but we should ensure that people are who they say
they are.  I think that's all we really have to do, as long as we do
testing.

Let's be the "OPEN" free software distribution.  That's why I'm here.

Cheers,

 - Jim

Attachment: pgpSt7dhNtid5.pgp
Description: PGP signature

References:
- Re: new maintainers
  - From: Herbert Xu <herbert@greathan.apana.org.au>

Prev by Date: Re: Call for vote: Impeachment of the president [was: Re: new maintainers]
Next by Date: Re: new maintainers
Previous by thread: Re: new maintainers
Next by thread: Re: new maintainers
Index(es):
- Date
- Thread