new features in package CVS
Josh Boyer
jwboyer at jdub.homelinux.org
Wed Jan 31 20:07:45 UTC 2007
On Wed, 2007-01-31 at 13:55 -0500, seth vidal wrote:
> On Wed, 2007-01-31 at 12:51 -0600, Josh Boyer wrote:
> > On Wed, 2007-01-31 at 09:45 -0800, David Lutterkort wrote:
> > > On Wed, 2007-01-31 at 07:55 -0800, Christopher Stone wrote:
> > > > And people at redhat are completely immune to such attacks while the
> > > > extra packagers are so nieve that it is very likely to happen once we
> > > > open up the core cvs.
> > >
> > > Don't look at this as a Red Hat vs. the rest of the world thing: even
> > > though I have a redhat.com mailing address, I don't expect to get commit
> > > access to the kernel, or glibc or 99% of the rest of the Fedora
> > > packages.
> > >
> > > And I don't want it: not having that access limits the things I need to
> > > worry about if my account gets compromised. My packages could still have
> > > been messed with, but at least it won't ripple into _all_ of Fedora
> > > needing an audit to make sure that a break into my account didn't
> > > compromise the distro.
> >
> > This is, perhaps, the sanest explanation of why the ACLs aren't entirely
> > a bad thing.
> >
>
> I don't think anyone is arguing that they are entirely a bad thing. In
> fact I'm completely cool w/them. I just don't like the attitude coming
> from some of the posters to this thread that the unwashed masses outside
> of red hat will have their accounts cracked and that will allow the
> crackers to compromise red hat's internal network.
Yeah, I know. And I agree. I was just trying not to add more fuel to
the flames ;)
> Maybe then the crackers will have control of the weather manipulation
> machine.
Hopefully they'll have the sense to warm things up here in MN.
josh
More information about the Fedora-maintainers
mailing list