Quoting Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>: > It should NOT be automated. Malicious people would be tempted to sent > out fake advisories to get them automatically published to the web. If done by the publisher, then this wouldn't be a problem. If done via an e-mail subscription, then this is true and a valid issue. > A manual yes/no is mandatory IMHO. Well, that's fine, and the way we've been doing it. The problem is, if I'm the only one doing it, and I leave for a 2 week vacation, what happens? So far, what happens is this discussion, which is a great start! I had not thought of the security concerns before. I see this as being pretty much a show stopper for the automatted e-mail approach. It pushes it back towards Jesse's idea of the creator of the advisory doing a direct cvs checkin or something similar. > Marc. -- Eric Rostetter -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
