On Mon, Aug 17, 2020 at 08:39:02PM +0200, Jonas Smedegaard wrote:
> Quoting Federico Ceratto (2020-08-17 20:17:49)
> > On Thu, Aug 6, 2020 at 5:40 PM Roberto C. Sánchez <[email protected]>
> > wrote:
> > > Perhaps instead of requiring "a valid DD signature" as the basis for
> > > "important" project actions (e.g., uploading to the archive), we should
> > > consider rather "degree of trust associated with a collection of one or
> > > more signatures".
> >
> > Forking the conversation a bit, I'm wondering what is the real threat
> > that we want to mitigate.
> > I guess the main one is: "a malicious DD uploads a package containing
> > a backdoor"
> > Also: "a malicious DD votes twice"

If the term "malicious DD" is reasonable, we have a bigger problem than
"votes twice" or "uploads a backdoor".

aka, "a malicious DD exists" is already a problem.

-- 
To the thief who stole my anti-depressants: I hope you're happy
  -- seen somewhere on the Internet on a photo of a billboard

