Sent: Tuesday, November 18, 2025 at 1:11 PM
From: "Bernhard M. Wiedemann" <[email protected]>
>
> In a recent discussion at
> https://www.reddit.com/r/openSUSE/comments/1ozu0l2/comment/npeyu4g/
> I noticed that there are around 35 accounts with write access to the
> Essentials repo.
>
> This worries me because a compromise of any one of those accounts would
> allow for malicious code to be distributed to a lot of openSUSE users.
>
> Maybe some of these accounts are not even used anymore?
> Would it be possible to reduce the number to below 10 and use more
> submit-requests with reviews for code updates?
>
> Several packages are links to OBS anyway and don't need manual updating.
>
> So what do you think about that?
> Or is there some other way to increase the trustability of Packman packages?

If there actually are 35 full maintainers, I agree it's too many. Perhaps someone should check the logs and disable such accounts that haven't been accessed recently and compartmentalise the rest better.

Personally, I do have write access but it was given to me years ago back when I had far more spare time, so it can be pruned if that simplifies the process.

Regards

_______________________________________________
Packman mailing list
[email protected]
https://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
