On Wed, 2007-01-31 at 08:15 -0500, Alan Cox wrote:
> On Wed, Jan 31, 2007 at 08:46:47AM +0100, Hans de Goede wrote:
> > touched in a harmful way. Just because someone is a beginning packager
> > doesn't mean that he will start submitting random changes to other
> > people's packages.
>
> Your risk model is wrong. One of your beginning programmers (probably a beginner
> but it could be any of us) gets trojanned. The attacker then inserts a worm
> into the autoconf scripts for that package which goes around committing itself
> to other packages while infecting anyone who builds the package and adding
> backdoors to their machines.
>
> Within a couple of days you'll have chaos.
>
> If users can only touch packages they have access to then the ability for this
> kind of attack drops dramatically and it's more likely to be picked up early.

I don't see this. We all signed the CLA, we all log in through SSL, the VCS will log all changes, so everybody committing something already should be traceable.

Whether somebody deliberately/non-deliberately places a trojan into a package not owned by him or owned by somebody else, or imports an infected tarball, doesn't make much of a difference.

> And people *WILL* try this sort of stuff because the prize (breaking into the
> Red Hat internal network) is so high.

The only thing that really changes with a merged Core/Extras is the impact that infecting a central package (which nowadays is in Core) would have; it would likely be larger.

E.g. a thief who has stolen a Fedora maintainer's notebook, or somebody who has intruded into a system with his "secret SSL keys, passwd, etc.", will find 2000-3000 more packages on which he can place his malware than he could until now.

But .. isn't the likelihood of somebody intruding into a Fedora mirror and placing malicious packages there much larger?
Ralf

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers

--
Fedora-maintainers-readonly mailing list
Fedora-maintainers-readonly@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly