Security reviews for new packages
Jason L Tibbitts III
tibbs at math.uh.edu
Tue Nov 11 15:51:23 UTC 2008
I do many package reviews, and occasionally I see a package that is
fine packaging-wise but which I don't feel comfortable approving
because I know it has security implications. One such package is
schroot, which has some pam magic to allow users to set up chroots.
https://bugzilla.redhat.com/show_bug.cgi?id=447368
It's quite possible that I'm simply being overly paranoid, but of
course I'm not qualified to say one way or the other. Is it possible
for someone with more knowledge in this area to take a look at the
package? What would be needed? (Perhaps a scratch build, or are the
src.rpm and spec sufficient?)
Could we work out a simple procedure for doing this in the future?
- J<
More information about the Fedora-security-list
mailing list