Re: new features in package CVS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2007-01-31 at 09:45 -0500, Dan Williams wrote:
> On Tue, 2007-01-30 at 15:48 -0800, Peter Gordon wrote:
> > Bill Nottingham wrote:
> > > To add an ACL to your package, add a 'pkg.acl' file to either
> > > the package toplevel, or to a particular branch, such as FC-6
> > > or devel. ACLs are inherited; branches will inherit ACLs from
> > > the toplevel.
> > >
> > 
> > Is this ACL for CVS access only, or also for build submissions?
> 
> For build submissions, it would seem fairly easy to have the build
> system check the pkg.acl from it's pristine pkgcvs checkout and ensure
> that the job owner is listed in the pkg.acl file, and otherwise fail the
> job.  That's not as ideal as a real accounts system, since the buildsys
> would have to do some work before it could check the ACL, but it ensures
> that a build not requested by one of the owners would not be allowed.
> 
> Those in the job_admin group might still be allowed to build any
> package, like they can kill/requeue/finish any job already.  Thoughts?

On the one hand I like the idea of anyone being able to handle trivial
rebuilds.  On the other this gives the opportunity for anyone in the
BuildRequires path to potentially inject something malicious into your
program, but they pretty much have that anyway.

So I think overall it's better to leave the ACL as CVS only.

- ajax

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers

--
Fedora-maintainers-readonly mailing list
Fedora-maintainers-readonly@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly

[Index of Archives]     [Fedora Users]     [Fedora Development]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux