On Wednesday 31 January 2007 16:19, Dan Williams wrote: > Right, but anyone can request a build from any tag at any time. So if > you tag something, but don't build it, then figure out that a security > issues requires a new version, somebody else could have built your other > one in the mean time. The attack is a lot less serious than allowing > anyone to build anything, of course (since only the package owner can > tag) but it does leave a few "holes" like this lying around. Is there any reason to tag something other than to build it? If there is not than maybe it would be better to reduce complexity and add the functionality of "make tag" to "make build". Regards, Till
Attachment:
pgpgNazuSihOD.pgp
Description: PGP signature
-- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers
-- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
