Comment 1 for bug 284141

Celso Providelo (cprov) wrote : Re: PPAs need an additional level of security to prevent compromise on projects that are free registration

Hi Michael,

Don't you think you are overestimating this issue?

I failed to see how a restricted-membership team helps to avoid malicious uploads. Quality assurance is still a user responsibility, he decides whether to enable a specific repository or not.

OTOH, it's important to note that it would be relatively simple for us, at this point, to decouple PPA upload permission from team membership. However, we have to investigate if this extra level of indirection really brings the benefits we are expecting.

For now, if you guys agree, I don't see this bug as a private/security vulnerability. Can it be made public?