Notification of uploads to the lookaside cache
Adam Jackson
ajax at redhat.com
Tue Dec 1 14:25:55 UTC 2009
On Sat, 2009-11-21 at 19:34 -0500, Jon Stanley wrote:
> As part of our ever vigilant stance towards security around our
> packaging process, we have added a new feature to upload.cgi (which
> accepts file uploads into the lookaside cache) which will email the
> package owner (<package>-owner at fedoraproject.org, specifically) and
> fedora-extras-commits at redhat.com whenever a file is uploaded to the
> lookaside cache. Previously this was a big black box and an area of
> concern.
>
> The message will contain the name of the file, the package concerned,
> the md5sum, and the user that uploaded it. An example is below:
>
> File upload.cgi for package sportrop-fonts has been uploaded to the
> lookaside cache with md5sum 26489f9e92601f0f84cfbb278c2b98e1 by
> jstanley
>
> Please let me know if you have any questions, comments, or room for improvement!
Can we get an X-Fedora-Upload: header in these or something? Filtering
by subject line always makes me feel dirty.
- ajax
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20091201/6407e1a3/attachment.sig>
More information about the fedora-devel-list
mailing list