Le Wed, Oct 12, 2022 at 12:14:35AM +0000, Scott Kitterman a écrit : > > What fraction of security issues we've had in Debian do you think > narrower upload permissions would have prevented?
Exactly zero. But my comment is not about the past, it is about the future. I think that a proper risk assessment would be worth doing, an I also think that this mailing list is not a proper place for doing it, not because of secrecy but because of noise and lack of focus. Discussing the conclusions here would of course be important. On my side, I would be fine if my upload key would be restricted to the packages that me and my packaging team maintain. I am very unlikely to need archive-wide privileges in the near future. Have a nice Sunday, Charles -- Charles Plessy Nagahama, Yomitan, Okinawa, Japan Debian Med packaging team http://www.debian.org/devel/debian-med Tooting from work, https://mastodon.technology/@charles_plessy Tooting from home, https://framapiaf.org/@charles_plessy