On Tue, Jan 12, 2016 at 10:06:40AM -0500, Nico Kadel-Garcia wrote:
> Could we adjust the tooling so that a request for commit access
is
> automatically granted if it isn't answered within three months?
That's a potential security problem. If I, for example, can get
commit access to any idle program by claiming it when the original
maintainer is most busy, with no review or doublecheck of my quality
as a new maintainer, I can commit madness on a lot of low maintenance
projects.
As I understand it, your sponsor is supposed to look after your commits.
Given so many thousands of Fedora packages, it could get
fascinatingly risky, especially if I start committing intriguing
little '%post' procedures that interfere in subtle ways with other
packages.
Yes - there is a risk. But the large number of ignored packages in my
mind is the higher security risk.
--
sven === jabber/xmpp: sven(a)lankes.net