On Fri, 18 Feb 2011 23:30:22 -0200
Denis A. Altoé [email protected] wrote:
> Two new command line options were added:
Nice to see your work with makepkg in this area Denis - that's key (pun). From
what I've reviewed of what you're doing, I would say you're working in an area
that needs it for this to gain usage. So thanks! As for laziness, it's hard
to get motivated in an area where your work isn't pushed through to actual use
(that's what I meant by politics in this). But from what I'm reading it does
sound like some of the devs here do 'get it' with regard to the gaping hole in
Arch's package security, which is reassuring. I'm amazed there is so much
contention on this issue, though.

What Sourceforge had to say after they got caught with their pants down on
security:

  Sourceforge.net has been around a long time, and security decisions
  made a decade ago are now being reassessed. In most cases past
  decisions were made around the general principle that we trust open
  source developers to work together, play nice, and generally do the
  right thing. Services were rolled out based on widespread trust for the
  developer community. And that philosophy served us well. But in the
  years since then, we’ve evolved from hundreds of sf.net users to
  millions, and in many cases it’s time to re-assess the balance between
  widespread trust and security.

http://sourceforge.net/blog/sourceforge-attack-full-report/

I think Arch is facing a similar transition. Due to the quality work of its devs
it's coming of age, and part of that means more exposure and interest from a
security perspective.