[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FAKE: Fedora Extras shipped popular package with rootkit and more than ten thousands systems were infected (was Re: Summary from last weeks FESCo meeting)



On 01/06/06, Konstantin Ryabitsev <icon fedoraproject org> wrote:
In any case, this isn't a contingency we should really be spending
that much time over, short of potentially developing a system of ACLs
that would restrict CVS commits only to the actual package owners.

Would it help this discussion if the technicalities of developing such
a system were put on the table (apologies if this has been discussed
before and I missed it) ? This discussion would also be useful in the
context of developing a mechanism for having a team of people
responsible for a package, rather than a single owner. Do the problems
with the apprach alluded to by Konstantin have their roots in the
limitations of CVS permissions, or are there other issues?

Jonathan


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]