On 31 Jan 2006, at 15:10, Matthew Toseland wrote: > On Tue, Jan 31, 2006 at 02:48:42PM -0800, Ian Clarke wrote: >> I don't think so - sending people 3MB emails through a mailing list >> is not acceptable. >> >> If someone wants to look at those changes - then they can do-so >> through the subversion command line client. > > It is far more convenient to do so through the mailing list, that > is why > we HAVE the mailing list. And our security rests on people watching > it.
Ok, hands up who will audit 3MB commits... > That can be most easily verified if we let everything through. If you think sending 3MB commits to a mailing list means committed code is being audited, then you are living in a dreamland. The reality is that sending such large files to the cvs mailing list will only encourage users to unsubscribe, which will not help our security. >> >> BTW - why are we checking Frost source code into our subversion >> repository? > > I explained. Because sleon needs somewhere to put the code in case he > gets run over by a bus while on holiday, and because sourceforge is > playing up. We have to be careful getting too closely associated with any third- party project that could be used to make a case for inducement of copyright infringement against us. I am not saying that Frost would necessarily do this, but we need to be cautious. Ian.
