Automatic Script Updater
Jeff Mitchell
mitchell at kde.org
Mon Nov 9 14:23:15 CET 2009
Mark Kretschmann wrote:
> *
> Increased security by more eyes and better accountability: If code is
> publicly hosted in a VCS, then someone boldly goes and adds a commit
> to it that contains malware, two things would happen: 1) Someone might
> actually notice the bad change, before it's too late. 2) We could
> exactly tell who added this change, and when the person did it. This
> should provide quite a barrier for such attempts.
This is after all what KDE does with its SVN -- only certain people have
access to commit to the tags directory. So the current maintainer could
have the ability to officially tag new releases of scripts and nobody
else, assuming a gatekeeper role.
--Jeff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://mail.kde.org/pipermail/amarok-devel/attachments/20091109/c42432e5/attachment.sig
More information about the Amarok-devel
mailing list