FAKE: Fedora Extras shipped popular package with rootkit and more than ten thousands systems were infected (was Re: Summary from last weeks FESCo meeting)
Paul P Komkoff Jr
i at stingr.net
Thu Jun 1 12:19:15 UTC 2006
Replying to Thorsten Leemhuis:
> 4. checkout some popular packages, upload new tarballs with a slightly
> different names and a root-kit in it. Modify the "Source0" accordingly
> 5. commit the changes, hit "CTRL-C" at the right point of time so the
> commit-message is not send to commits-list
Either I am wrong or this clearly shows a major flaw in current
infrastructure when any with commit access can modify anything in the
extras tree?
--
Paul P 'Stingray' Komkoff Jr // http://stingr.net/key <- my pgp key
This message represents the official view of the voices in my head
More information about the fedora-extras-list
mailing list