QA process was Re: RPM submission procedure
Rudi Chiarito
nutello at sweetness.com
Thu Jan 8 20:20:36 UTC 2004
On Thu, Jan 08, 2004 at 03:04:15PM -0500, Toshio wrote:
> Source URL had changed.... Perhaps having the autobuilder not build new
> packages or packages with new Source URLs (hosts?) without having peer
> review done first would be sufficient?
You could still have the package served by a CGI that returns a
malicious version of the archive if and only if being fetched from the
host(s) the autobuilder runs on, while handing everyone else the benign
version.
Rudi
More information about the fedora-devel-list
mailing list