On Fri, Aug 17, 2018, 20:53 Richard W.M. Jones <rjones@xxxxxxxxxx> wrote:
While I agree that this is a good idea, I have one note of caution:
What's to stop someone adding a malicious package which did something
like ‘Provides: glibc’ and subsequently infects everyone's machine?
I think we'd want to consider the security implications of accepting
packages after only automated review.
I agree. I think a pair of human eyes will have to look at package submissions at least until we have a sufficiently advanced FPC AI to do it ;)
However, I think using automated checks for existing packages would be a nice thing (although fedora-review isn't suited to do that right now, and is out of sync with current guidelines).
Fabio
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/YQDW7BJDV46ZBW5VEJU6UKK3JSA2D4QO/
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/WN2GBA2SWXYVTY24FWBG53DILWV4BHDI/
