Hi,

In a recent discussion at https://www.reddit.com/r/openSUSE/comments/1ozu0l2/comment/npeyu4g/ I noticed that there are around 35 accounts with write access to the Essentials repo.
This worries me because a compromise of any one of those accounts would allow for malicious code to be distributed to a lot of openSUSE users.
Maybe some of these accounts are not even used anymore? Would it be possible to reduce the number to below 10 and use more submit-requests with reviews for code updates?
Several packages are links to OBS anyway and don't need manual updating. So what do you think about that? Or is there some other way to increase the trustability of Packman packages?

Ciao
Bernhard M. Wiedemann (maintainer of openSUSE-Slowroll and security enthusiast)

P.S. I also sometimes test for reproducible builds and so far results looked decent. Last test was 11 months ago.
_______________________________________________
Packman mailing list
[email protected]
https://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
