Re: RPM security (a newbie question)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Rahul Sundaram wrote:
> Stanisław T. Findeisen wrote:
>> Well, it looks that those "review guidelines" cover mostly
>> administrative/legal issues. It looks that no one cares about the
>> source code.
>
> You missed that the review guidelines has a source check as well.
> Read it in detail.

While the review guidelines do make sure that the source code matches
upstream¹, that doesn't ensure that upstream doesn't have backdoors,
holes, malicious content, etc.

The only solution for that is more eyes loooking over the code that
makes up the OS.  What mitigates that is knowing that if upstream has
such code, it may be noticed not only by Fedora, but by any other
distro or user.  And that would surely become known rather quickly.

One big advantage that free software has is that anyone is free to
look over the code.  The more people that use that freedom, the better
off we'll all be.

¹ https://fedoraproject.org/wiki/Packaging:ReviewGuidelines includes:
  MUST: The sources used to build the package must match the upstream
  source, as provided in the spec URL.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I always keep a supply of stimulant handy in case I see a snake -
which I also keep handy.
    -- W. C. Fields

Attachment: pgp7qRafHNTD3.pgp
Description: PGP signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux