Thorsten Leemhuis wrote:
On 19.06.2007 19:24, Steve Grubb wrote:

This needs to be clear. It's for security. If you take all ACLs off the
packages and an account becomes compromised, the attacker can get to
everything.

Please keep the ACLs by default so that there is not a window where a package
is left unguarded if it needed to be.

I'd say we should work towards a middle ground -- ACLs by default, but
create some kind of "trusted contributors" group (say sponsors, FESCo
members and packagers with more than 25 packages) that get access
everywhere.

I'm just playing devil's advocate here, but I don't think Steve is
worried about what I might do to your precious, precious packages. He's
worried about what the guy who roots my laptop in a coffee shop might do
to them.

(In Eastern Massachusetts, the odds are actually fairly high that
there's more than one coder geek in any given coffee shop at a time.
Some of them are Debian users. Think about it...)
--
Peter, who knows of no attacks on his laptop by Debian users.
--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers