Comment by heywire

8 years ago

Do you know if there is any kind of review process? For example, let’s say a core maintainer’s machine is compromised and the attacker submits a new package on their behalf. Does anyone else need to review and sign off on the new package?

0 comments