Re: Shared System Certificates followup: Packaging Guidelines?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/08/2014 02:57 PM, Kai Engert wrote:
> On Mi, 2014-01-08 at 13:38 -0500, Stephen Gallagher wrote:
>> I don't really see this being more likely than an existing
>> application just bundling a wrapper script for certificate
>> generation and 'update-ca-extract' and quietly running that as
>> part of %post. Just as easy to miss and equally effective (with
>> much less trouble).
> 
> true
> 
>> I don't think that we can really write policy that eliminates the
>> risk of a determined abuse of the available technology.
> 
> Probably. What do you think about adding a section to package
> reviewing guidelines, which says that packages that add files to
> the global CA directories should provide reasoning, and have
> someone check that reasoning? It might at least make people aware
> this is something to be careful with.
> 

That seems perfectly reasonable to me.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlLNrsEACgkQeiVVYja6o6MNFwCgnEsvPTGHq7sP4/X6egK5ezRm
o+4AoK56OXwUSWVnExN6E6aBJf/krG2m
=bPGB
-----END PGP SIGNATURE-----
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct




