The debian-private mailing list leak, part 1.


Re: THOUGHT: New 'user-contributed' section?



> Well, it would certainly be "clearer" that unstable was dangerous to use.

in my experience, unstable has NOT been dangerous to use. It is
certainly no more dangerous than rex.

In fact, the machines which I have regularly upgraded from unstable have
been far less trouble than those which haven't been upgraded regularly.

I have said it before and i will say it again - upgrading regularly from
unstable leads to far less problems than waiting for the next official
release. Not only are there less problems overall, but you get less of
them at any one time.

occasionally there are one or two packages in unstable with bad
packaging - it is much much easier to deal with these one at a time than
it is to deal with 300 new/updated packages.

> I don't see why it would necessarily make it more dangerous than it is
> now.

allowing anyone to upload leaves the system wide open. The ease of
subverting the system will invite attacks...it will be an inevitable
certainty rather than just a possibility.

allowing only registered developers to upload isn't any guarantee, but
the identity checks will keep out most of the children who play these
stupid games.

> Trusting their "good intentions" doesn't make it any less possible for
> us to make mistakes, even disastrous ones.

i can risk the possibility of a mistake. i can't risk the certainty of a
trojan.

> > if uploading to unstable is open to just anyone, then that trust will
> > disappear.
> 
> Making the reality of the situation more clear.

yes, it's a calculated risk.

> > what will also disappear will be the most useful aspect of debian
> > - ability to quickly and easily upgrade packages. 
> > 
> I don't see this either. What it means is you might not have access to a
> Debian package of the latest "bleeding edge" software, but that doesn't
> affect either the ease of an upgrade or the speed. Maybe I'm being dense
> here, but it's not on purpose...

my point was that if unstable is unusable because of the potential for
trojans then i will have lost the ability to upgrade at will. Tracking
unstable with dselect (either via ftp method or from a local mirror) is
IMO the most important 'feature' of debian.

> This is true, but what you are really saying here is that nothing is
> perfect. My contention is simply that testing software is more likely to
> find problems than testing people.

true, but both are necessary.

> > I have no problem with the rest of what you say - in fact, it makes
> > a lot of sense - but we should keep the current restrictions on
> > uploading to unstable.
>
> I would have no problem with a limited unstable (limited to uploads
> from qualified, registered, maintainers) and an unlimited public
> directory where these other packages could be placed before they are
> tested.
>
> > In short: I'm quite happy with the fact that 'unstable' isn't. Let's
> > keep it that way.
>
> I think we can do this while still having a place for unrestricted
> public uploads.

fine.  i have no problem with your proposal then.

craig