On Wed, 18 Nov 2009, James Antill wrote:
1. Does "install" of obsoleting packages come under the same auth. (if so I can now arbitrarily upgrade certain packages). 2. Does "install" of installonly come under the same auth. (if so I can now stop kernel upgrades).
+1
4. Are there any attacks against packages with "default on" services? (Note that you can almost certainly wait until there is an attack, and then install the insecure service).
And if we have default on services then I think we should take a good LOOOOOOOOOONG look at them.
7. And the most obvious one ... how hard is it to get a bad package into one of the repos. that the machine has enabled.
+many -sv -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list