On Wednesday, 31 January 2007 at 16:23, Till Maas wrote: > On Wednesday 31 January 2007 16:19, Dan Williams wrote: > > > Right, but anyone can request a build from any tag at any time. So if > > you tag something, but don't build it, then figure out that a security > > issues requires a new version, somebody else could have built your other > > one in the mean time. The attack is a lot less serious than allowing > > anyone to build anything, of course (since only the package owner can > > tag) but it does leave a few "holes" like this lying around. > > Is there any reason to tag something other than to build it? If there is not > than maybe it would be better to reduce complexity and add the functionality > of "make tag" to "make build". Seconded. I always do "make tag build" anyway. Regards, R. -- Fedora Extras contributor http://fedoraproject.org/wiki/DominikMierzejewski Livna contributor http://rpm.livna.org MPlayer developer http://mplayerhq.hu "Faith manages." -- Delenn to Lennier in Babylon 5:"Confessions and Lamentations" -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
