Fedora 13 Release Candidate Phase

Kevin Kofler kevin.kofler at chello.at
Fri May 21 00:29:55 UTC 2010

Adam Williamson wrote:
> Really? I don't think there's *that* many cases where a negative piece
> of karma is filed between the submission and the push which you'd want
> to ignore.

I think there are actually very many. We get a lot of invalid -1 votes for 
KDE updates (issues which have been there for ages, issues which have been 
caused by a completely unrelated update which happened to hit testing or 
stable at the same time) etc.

It'd also open the doors to effectively DoS updates.

> And even in the rare cases when that happens, if we warn or even unsubmit
> the update, it's not like you can't do anything about it. If we make it a
> warning...ignore the warning. If we make it withdraw the update...just
> submit it again. I'm having a hard time seeing that fall apart.

It means that a well-timed -1 can cause the update to miss the push (which 
is already a forced delay and thus a form of DoS), then it can be done again 
at the next push, ad infinitum, instant DoS.

> I don't really mind requiring bug numbers for negative karma (though, if
> anything, I reckon that'd have *more* problematic corner cases in
> itself). But I'm not sure it's really necessary for this.

I think it actually won't solve the problem at hand. The bug pointed to 
might not actually be caused by the update (see the first paragraph), or it 
could even be a dummy bug filed by a malicious DoSer.

        Kevin Kofler
