On Wednesday 20 June 2007 11:27, Ralf Corsepius wrote:
> On Wed, 2007-06-20 at 23:18 +0800, David Woodhouse wrote:
> > On Wed, 2007-06-20 at 16:56 +0200, Ralf Corsepius wrote:
> > > Without ACLs in effect he will be able to
> > > compromise other packages than yours.
> >
> > We don't need an ACL on _commits_. We can have one on _builds_.
>
> Absolutely. IMO, this would be a reasonable compromise.

The problem is that you will see a patch from someone that appears to be a maintainer. You might look it over or might not. If you looked it over, you might not realize it opens a hole in that package. The attacker has planted the problem and is waiting for you to do the build and distribute it to the world.

When we take packages from upstream, there are a lot of eyes watching the package. If they are compromised, it will affect us, Debian, Suse, Mandriva, Ubuntu...iow there are a lot of people that might catch the problem. When it comes to a distribution, there are fewer people affected and malicious code could live longer before being detected. SE Linux can help a lot in being able to see sudden behavior changes, but there are only 200 or so domains that are confined.

> > Or preferably just on _pushes_ to the repository -- people other than the
> > maintainer can build an untagged package and the maintainer (or someone
> > in the ACL) would have to tag it for the intended collection.
>
> Don't get me wrong, I am vehemently opposed to the current ACLs. IMO,
> all they do is to close out "people who are following the rules of the
> game" and are unlikely to help in cases of real attacks.

All we are talking about is the default setting. You can remove it later if you want to take that risk. It's going to be a lot harder to re-establish trust if Fedora code base gets hacked than it was to have some preventive measures in the first place.

-Steve

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers

--
Fedora-maintainers-readonly mailing list
Fedora-maintainers-readonly@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly