Adam Williamson wrote:
Really? I don't think there's *that* many cases where a negative piece of karma is filed between the submission and the push which you'd want to ignore.
I think there are actually very many. We get a lot of invalid -1 votes for KDE updates (issues which have been there for ages, issues which have been caused by a completely unrelated update which happened to hit testing or stable at the same time) etc.
It'd also open the doors to effectively DoS updates.
And even in the rare cases when that happens, if we warn or even unsubmit the update, it's not like you can't do anything about it. If we make it a warning...ignore the warning. If we make it withdraw the update...just submit it again. I'm having a hard time seeing that fall apart.
It means that a well-timed -1 can cause the update to miss the push (which is already a forced delay and thus a form of DoS), then it can be done again at the next push, ad infinitum, instant DoS.
I don't really mind requiring bug numbers for negative karma (though, if anything, I reckon that'd have *more* problematic corner cases in itself). But I'm not sure it's really necessary for this.
I think it actually won't solve the problem at hand. The bug pointed to might not actually be caused by the update (see the first paragraph), or it could even be a dummy bug filed by a malicious DoSer.
Kevin Kofler