FAKE: Fedora Extras shipped popular package with rootkit and more than ten thousands systems were infected (was Re: Summary from last weeks FESCo meeting)

[Paul P Komkoff Jr]

Replying to Thorsten Leemhuis:
> 4. checkout some popular packages, upload new tarballs with a slightly
> different names and a root-kit in it. Modify the "Source0" accordingly  
> 5. commit the changes, hit "CTRL-C" at the right point of time so the
> commit-message is not send to commits-list

Either I am wrong or this clearly shows a major flaw in current
infrastructure when any with commit access can modify anything in the
extras tree?

-- 
Paul P 'Stingray' Komkoff Jr // http://stingr.net/key <- my pgp key
 This message represents the official view of the voices in my head