On 2012-09-07 23:50, troopa wrote:
> Personally, I find this to be an unacceptable standard. Especially
> coming from a project that is directly associated with a reputable
> project like RedHat. Sure, maybe security is more important to me than
> most everyone else, but security should at least be important enough
> to at least check the code to verify it provides advertised
> functionality and nothing more.

Think about the practical implications of this. Take, say, MATE or
Cinnamon, both recently added or trying to be added to Fedora repos.
This would require both the packager and reviewer to be a) capable of
and b) have enough time to review the _entire_ code base of each project
and declare that they found no security issues. It's an incredibly
difficult process.

I'd take a high level summary and say that Fedora's processes and
policies, broadly, assume an element of good faith. Your proposal
appears to take the opposite tack: a defensive posture, assuming all new
code is bad until proven otherwise. This is a very difficult stance for
a project like Fedora to take convincingly. After all, if someone's
trying to trojan in something evil, why would you expect them to leave
it in plain sight? Surely they'd try to obfuscate it as much as
possible. As the Obfuscated C Code Contest and others show, there's all
sorts of possibilities down this line. If we're going to take a
defensive posture to all proposed Fedora packages, we'd need a corps of
elite coders to review every submitted package with a fine-toothed comb.

In practice, we have enough trouble just finding people committed
enough to perform the currently required review processes. It seems
unrealistic to believe Fedora is capable of performing a comprehensive
security audit on all the zillions of lines of code it contains and
which are regularly added to it...

Bodies with really serious security needs, like the NSA, have always
taken 'consumer level' products like Fedora and performed their own
security evaluations on them. I don't think that's an unreasonable
approach. If you have really serious security requirements, then you may
need to shoulder some of the burden of enforcing them yourself.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net