On Wed, Nov 18, 2009 at 5:18 PM, Jeff Garzik <jgarzik@xxxxxxxxx> wrote: > > You forget we have botnets doing distributed cracking now. But...if you've cracked the root password, there are rather easier (and less audited) routes to trojaning the system than adding a third party yum repository and downloading your malicious RPM. > And this enormous security hole of a policy change was done with next to > /zero/ communication, making it likely that many admins will not even know > they are vulnerable until their kids install a bunch of unwanted packages. I think you are correct that the change could have been documented better. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
