Re: Announcing rpmfusion

On 9/12/07, Nicolas Mailhot <nicolas.mailhot@xxxxxxxxxxx> wrote:
> There is a difference between trusting a repo and trusting it to
> authorize other repos

This is a rat hole.  If repositories are going to maliciously add
additional repositories, then the packages from that repo can very
well do pretty much all sorts of malicious reconfiguration. I don't
see why repo configuration is any more sensitive than other package
payloads or scriptlet actions.  Hell, you don't even need to add an
additional file; all you need to do is add additional repository
definitions in the repo file you already provide. I simply don't
understand how you could protect a client system from a repository
that wanted to ensure that a new repository definition was installed
and enabled by default.

On top of that there are justifiable reasons to need to add additional
repo files and additional repository tags inside a repo file due to
repository re-organization.

-jef

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
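
Added example, not part of the original message or of any project's code: a client-side audit of the case described above, where a new repository definition arrives inside a .repo file that is already provided. The repo ids, URLs and the `approved_ids` baseline are constructed for illustration; treating a missing `enabled` key as enabled follows yum's default.

```python
import configparser

# Constructed sample: a .repo file after a package update appended a second
# definition to the file the repository already provided.
SAMPLE_REPO_FILE = """\
[example-free]
name=Example Free
baseurl=http://repo.example.org/free/$releasever/
enabled=1
gpgcheck=1

[example-extra]
name=Example Extra
baseurl=http://mirror.example.net/extra/$releasever/
gpgcheck=0
"""


def parse_repo_definitions(text):
    """Map each repo id in one .repo file to its enabled state and key settings."""
    # RawConfigParser leaves yum variables such as $releasever untouched.
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(text)
    repos = {}
    for repo_id in parser.sections():
        raw = parser.get(repo_id, "enabled", fallback="1")  # absent means enabled
        repos[repo_id] = {
            "enabled": raw.strip().lower() not in ("0", "false", "no"),
            "gpgcheck": parser.get(repo_id, "gpgcheck", fallback=None),
            "baseurl": parser.get(repo_id, "baseurl", fallback=None),
        }
    return repos


def unapproved_definitions(text, approved_ids):
    """Return (repo_id, enabled, gpgcheck) for every definition not in the baseline."""
    return [
        (repo_id, info["enabled"], info["gpgcheck"])
        for repo_id, info in parse_repo_definitions(text).items()
        if repo_id not in approved_ids
    ]


if __name__ == "__main__":
    # approved_ids is a hypothetical baseline the administrator recorded earlier.
    for repo_id, enabled, gpgcheck in unapproved_definitions(SAMPLE_REPO_FILE, {"example-free"}):
        print(f"new definition {repo_id}: enabled={enabled} gpgcheck={gpgcheck}")
```
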
