On 12/17/20 6:58 PM, Jorge Fábregas wrote:
> Yes... and how the malicious bits were delivered thru the update mechanism... a nice reminder for us on how careful we need to be when adding 3rd-party repos, be it yum repos, flatpak repos, container repos and so on.

True. Even a single gpgcheck=0 is a risky thing, we know.

But the rest of the world:
- builds container images "FROM random_source"
- runs "npm install random_thing" and "gem install random_thing"

and then the best:
- installs with: "curl http://random_site/install_script | sudo bash"

Regards.
-- 
Roberto Ragusa    mail at robertoragusa.it
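
Added example, not part of the original thread and not either poster's code: a small audit that lists enabled yum/dnf repos whose effective `gpgcheck` is off, including repos that omit the key and inherit it from `[main]`. The sample repo definitions and the function names are constructed for illustration; treating a missing `[main]` value as "off" is a conservative assumption of this sketch.

```python
import configparser
from pathlib import Path

FALSY = {"0", "no", "false", "off"}  # boolean spellings treated as "disabled"

def is_on(value):
    return value.strip().lower() not in FALSY

def unsigned_repos(repo_text, main_gpgcheck):
    """Return ids of enabled repos whose effective gpgcheck is off.

    main_gpgcheck is the value inherited from [main] in dnf.conf and is
    used only when a repo section does not set gpgcheck itself.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(repo_text)
    flagged = []
    for repo_id in cp.sections():
        sec = cp[repo_id]
        if not is_on(sec.get("enabled", "1")):
            continue  # disabled repos deliver nothing
        raw = sec.get("gpgcheck")
        effective = main_gpgcheck if raw is None else is_on(raw)
        if not effective:
            flagged.append(repo_id)
    return flagged

# Constructed sample input (hypothetical repos, not taken from the thread).
SAMPLE_REPO = """
[fedora]
metalink=https://mirrors.example.invalid/metalink?repo=fedora-$releasever
enabled=1
gpgcheck=1
[thirdparty-tools]
baseurl=https://repo.example.invalid/fedora/$releasever/
enabled=1
gpgcheck=0
[old-vendor]
baseurl=https://old.example.invalid/
enabled=0
gpgcheck=0
[inherits-main]
baseurl=https://other.example.invalid/
enabled=1
"""

if __name__ == "__main__":
    main = configparser.ConfigParser(interpolation=None, strict=False)
    main.read("/etc/dnf/dnf.conf")
    inherited = is_on(main.get("main", "gpgcheck", fallback="0"))
    for path in sorted(Path("/etc/yum.repos.d").glob("*.repo")):
        for repo_id in unsigned_repos(path.read_text(), inherited):
            print(f"{path}: [{repo_id}] installs packages without signature checks")
```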