Two FAS accounts for the same person - permitted?

Adam Williamson awilliam at redhat.com
Fri Feb 5 06:55:50 UTC 2010


On Tue, 2010-02-02 at 18:39 +0200, Juha Tuomala wrote:

> There are around 200 countries and some have quite long distances,
> requiring to meet people face to face doesn't really sound very 
> feasible. Not being feasible doesn't remove the problem however.
> 
> Easier would be to write red warning into wiki that "We actually
> don't know who took part of building fedora, so consider yourself 
> warned."
> 
> Didn't someone just crack berlios site to inject something into
> projects? In fedora you don't even need to crack anything, you get
> invited to commit.

This applies to virtually every software project in the world (with the
possible exception of anything developed by the NSA, but then you'd have
to trust the NSA when they say 'noooo, we didn't put any secret
backdoors in. Doesn't sound like something we'd do.') Proprietary
vendors may claim to know everyone who wrote code in their projects, but
how would you know they're telling the truth? And how can you trust them
to have properly vetted all those people? With single person projects
that isn't a problem, but as you so acutely pointed out, you have no way
of knowing who that person actually is.

Asking these kinds of questions may seem like you're being clever and
pointing out scary stuff but in the end it's a bit like pointing out
that the universe is, like, huge, man, and nothing we do really, like,
matters, you know? Everyone involved knows these things, but it's just a
*tad* impossible to do a lot about it, if you're going to get really
anal about pointing out the potential problems.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net



More information about the devel mailing list