On Wednesday, 07 February 2007 at 15:51, Jesse Keating wrote:
> On Wednesday 07 February 2007 07:54, Roozbeh Pournader wrote:
> > These rants are of course relevant only because I was the person whose
> > laptop with the SSH keys was stolen, which could theoretically be used
> > to find a way into the Extras system. The keys were of course password
> > protected and I reported the situation to Fedora people as soon as
> > possible on IRC, by email, and every other way I thought before a brute
> > force could be used to find the passwords, but if we want to think about
> > all the possible scenarios, a targeted attack could even have used my
> > collaboration.
> >
> > Theoretically, someone may still use physical force on me and get me to
> > type my password and insert whatever code he sees appropriate where he
> > wishes. Do I value the security of Fedora users more than my life or my
> > family's? Definitely not!
>
> it is not so much about somebody stealing your account, it's about somebody
> going through the process to create their _own_ account. Once that has been
> done ( and we keep wanting to LOWER the barrier for this!! ), if there are no
> barriers in place, that person can now run roughshod all over all the
> packages, making any changes they want, building anything they want, causing
> automated pushes to push out whatever they built, leading to people grabbing
> packages and getting rooted,

That won't happen THAT easily. Isn't the sign-and-push process manual? Aren't the people who handle it supposed to check what they sign?

> or even worse, insert some small thing in a package that gets pulled into
> most buildroots that will further taint any more builds. Could be hard
> to detect until it is far far too late.

It would be stopped at the sign-and-push stage at worst. I'm sure there are many eyes following the cvs commits list. It would be spotted quite fast IMHO.
> With proper barriers in place,
> the most damage a rogue user can do is to their own
> package, or to any packages foolishly left wide open.

I don't really mind the ACLs as much as I do mind having to go through another approval (for CVS import) after my package has ALREADY been APPROVED.

Regards,
R.

--
Fedora Extras contributor http://fedoraproject.org/wiki/DominikMierzejewski
Livna contributor http://rpm.livna.org
MPlayer developer http://mplayerhq.hu
"Faith manages."
        -- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers