FAKE: Fedora Extras shipped popular package with rootkit and more than ten thousands systems were infected (was Re: Summary from last weeks FESCo meeting)
Thorsten Leemhuis
fedora at leemhuis.info
Thu Jun 1 16:51:50 UTC 2006
Am Donnerstag, den 01.06.2006, 18:36 +0200 schrieb Michael Schwendt:
> On Thu, 01 Jun 2006 17:00:12 +0200, Thorsten Leemhuis wrote:
>
> > I would even sleep really good if there would be a mechanism that checks
> > md5sum's against upstream packages. But that's quite complicated to
> > implement and might be to much overhead.
> Do you also want to check patches and compressed patches?
Well, as I said: "I would even sleep really good" -- We would have to,
but I don't think we have the man-power to do that.
> > > This discussion would also be useful in the
> > > context of developing a mechanism for having a team of people
> > > responsible for a package, rather than a single owner.
> > We really need that. But that's stalled mostly because nobody in FESCo
> > really works on driving it forward and the proposal from Patrice is
> > still in my Todo-Inbox. :-((
> Well, some packagers do it already. They simply talk to eachother and then
> add themselves to the Cc field in owners.list, since bugzilla cannot
> handle more than a single assignee.
That's only one small and easy part of the whole Co-Maintainers idea.
See my other mail I send in reply to scop I send ten minutes ago.
CU
thl
--
Thorsten Leemhuis <fedora at leemhuis.info>
More information about the fedora-extras-list
mailing list