On Mon, Oct 04, 2021 at 02:42:58PM -0400, Matthew Miller wrote:
On Mon, Oct 04, 2021 at 05:52:33PM +0000, Zbigniew Jędrzejewski-Szmek
wrote:
> > I like the idea!
> > We can block such a package from ever appearing in a compose in pungi.
> Is this really necessary? The package will not be open to anyone,
> but only for approved contributors. Malicious behaviour is not more
> likely then in any other package (and would be immediately caught).
> I think we're thinking up technical solutions to something that is
> not a problem.
Yeah, I think making it a real package is a good idea. Maybe even a little
packaged script that runs
xdg-open
https://docs.fedoraproject.org/en-US/fedora-join/
?
The package itself can even be a gateway to onboarding for the curious, but
more importantly, it'd act more like a real package.
True. As long as there's a group of experenced folks watching it, that
should be ok.
kevin