On 11/18/2009 07:30 PM, Seth Vidal wrote:
> On Wed, 18 Nov 2009, Dennis J. wrote:
>> In fact I agree with you but this doesn't really address my point.
>> How do you make sure the packages that are part of your minimal list
>> don't introduce such a backdoor with the next update?
>
> You check them.
> That's the best you can do.
> It's just like anything else:
> How are you sure no one introduces a package into 'updates' which
> obsoletes glibc? We check them and hope we catch problems.

Changing policy is not the same as introducing a problem. There should at
least be a process for packages to go through if they want to make changes
like PackageKit did so that this kind of thing shows up on people's radars
earlier, can be peer-reviewed and, if necessary, be mentioned in the
release-notes. Also these changes should probably not be introduced for
updates between releases.
My basic point is that changes that allow packages to elevate their
privileges should set off some process-based formal alarm when they are
introduced rather than being discovered by accident after a release.
Regards,
Dennis
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list