by always_good 2767 days ago
Then let me ask you, how long should Dominic have let right9ctrl contribute to the project before trusting him and giving him publish capabilities? With hindsight, we know that right9ctrl is going to publish a backdoor the second he gets rights. How long do you make right9ctrl wait? And does that accomplish what you want?

If you think that ownership transfer should exist at all, then the attack vector still exists no matter how long you wait to trust right9ctrl.

1 comments

If I give the maid a key to the house, there's always an attack vector, but that doesn't mean I just go hire some rando off Craigslist.

There are a number of factors that could be considered when giving somebody this kind of responsibility, including existing contributions to open source, contributions to the project at hand, and public profile. As far as I can tell, "right9ctrl" had none of these.