On Thu, 29 Jan 2009, Thomas Moschny wrote: > 2009/1/29 Conrad Meyer <konrad@xxxxxxxxxx>: > > In either case, the package owner gets an email summarizing changes to CVS, > > and can revert the CVS change. If the newbie was malevolant and/or the problem > > persists, they can be kicked out of Fedora. If not, they learned their lesson > > (similar to Wikipedia's "please go play in the sandbox, kid"). > > Unless (as I was told today on IRC, did not try that myself) there's > still some sort of long-standing bug allowing you to suppress that > email by pressing ctrl-c at the right moment. Yes, this issue still exists. It happend to myself accidentally a couple of times in the past, when switching and acting to the wrong screen. But didn't we learn in this thread, that Fedora only has good people, that never wouldn't exploit such an issue? Wasn't there "believe-in-good-will" mentioned by drago01 or the "you'll have to accept that not everyone is as paranoid as you" by Kevin Kofler? That are just two examples, the third one is anyway at the beginning of this e-mail. Believe in good of all Fedora people can't be the way how we handle security relevant things. And the provenpackager thing is IMHO somehow related to that, as it currently even protects us from harmful actions, where we maybe wouldn't get noticed via e-mail about, caused by this long-standing CVS issue. And yes, I know I'm the only bad guy in whole Fedora (except the Robert Scheck-haters as Conrad Meyer luckily pointed out). Nicolas Mailhot is putting me to his shitlist...so yes, there is really no reason why we do not need security and some paranoia at the Fedora Project as long as we have enough believe in good will. And as the former bad guy Thorsten got more and more inactive in the last time, it looks like it's just me... ;-) If we're really going to make provenpackagers useless as some people have suggested on this thread, we must fix that outstanding security issue in before - independent whether I'm considered to be paranoid or not. I still wonder, why this didn't get assigned/solved/fixed until now. Oh, if I've already the salt in my hands: I didn't hear since my December 2008 mail and a more-or-less-reply, that work is going on, no public news regarding the current status: The intrusion into the servers of the Fedora Project is still not solved - or does somebody hope, that it gets silently forgotten? Maybe our "CSI Fedora" [1] can really take care about and do one or another autopsy to present the facts after 60 minutes as in TV series? So we could hand out this case to "CSI Miami" or "CSI New York" instead of trying to close the files in a silent way, too... Security starts in the beginning and applying security updates is not the whole thing - same as at quality rather quantity! And the minor details are deciding whether it is safe, a hole or whether it's a feature or a bug. I would like to assign the above mentioned issues to Paul and the rest of the Fedora board with a higher priority as in before - I think we all can agree here, that the current situation about lack of open communication and the security issues are absolutely indiscutable, right? [1] http://infrastructure.fedoraproject.org/csi/ Greetings, Robert -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list