undefined | Better HN

0 pointsyrro7y ago0 comments

Every line of code should have been reviewed by at least one DD. But the system is self policing, so it's hard to guarantee that that's the case. But Debian certainly leans towards being a curated collection of software rather than a wild west.

0 comments

icebraining7y ago

Self-policing? Aren't only DDs allowed to upload to the repositories? From what I understand, dak (the Debian archive management software) won't publish a package which hasn't been approved by a sponsor DD.

geofft7y ago

The part that's self-policing is that nobody verifies that a DD has in fact reviewed the code that they're signing and uploading (and as another reply points out, for large codebases like the Linux kernel, the maintainer almost certainly doesn't and just trusts the upstream signature).

j / k navigate · click thread line to collapse

0 pointsyrro7y ago0 comments

0 comments

icebraining7y ago

geofft7y ago

j / k navigate · click thread line to collapse