On Wed, Jan 31, 2007 at 08:15:41AM -0500, Alan Cox wrote:
> On Wed, Jan 31, 2007 at 08:46:47AM +0100, Hans de Goede wrote:
> > touched in a harmful way. Just because someone is a beginning packager
> > doesn't mean that he will start submitting random changes to other
> > people's packages.
>
> Your risk model is wrong. One of your beginning programmers (probably a beginner
> but it could be any of us) gets trojanned. The attacker then inserts a worm
> into the autoconf scripts for that package which goes around committing itself
> to other packages while infecting anyone who builds the package and adding
> backdoors to their machines

That could happen to anybody, and I don't think that it is a practical attack. In mock, packages are built in a chroot and not by root. We look (or should look) at the commit list for packages we are interested in. Trojaned packages would only hurt those who rebuild packages without looking at the import. In my opinion, and I still may be wrong, most of the Fedora contributors are experienced and less prone to be hurt by trojans than other people. And lastly, I believe that upstream sources are at least as prone to this kind of attack as a Fedora without ACLs on CVS.

Of course there are still more risks without ACLs on CVS, but I think that in the balance of risk versus practicability, having something open is better. For gcc, kernel, libc, maybe perl and python, sure, there could be ACLs; for more collaborative stuff, especially what comes from Fedora Extras, I think it is better to keep things open.

--
Pat

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers