On Friday, July 3, 2020 9:48:06 AM CEST Pierre-Yves Chibon wrote: > So if we were to give the builders commit access to dist-git, an attacker > could easily commit to any other packages, potentially from something as easy > as a scratch-build. Absolutely! Koji authenticates build submitters (I'm not sure it authorizes them). So technically, _something_ on backend could be allowed to commit to dist-git (in the name of build submitter). Before the SRPM build task, Koji could request "GetReleaseBumpPatch" task, the builder could then just read-only clone the git, bump the release, return the patch back for backend -- and let Koji apply it. But yeah, that's off topic a bit. This is not what the current proposal is about. Pavel _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
