On 9/5/22 16:54, Maxwell G via devel wrote:
On Monday, September 5, 2022 Peter Robinson wrote:
> it would probably be easier to join and become a packager by
> packaging a random leaf package no one would use, then as a packager
> pick up an random orphaned package that's in the core distro and then
> just compromise the distro that way TBH.
They wouldn't even need to pick up a core package. "Supplements: kernel"
would
get them far enough...
Only solution I know is to require review of certain changes to
package dependencies, enforced by post-build automated checks.
Not sure which changes should require such review.
--
Sincerely,
Demi Marie Obenour (she/her/hers)