FAKE: Fedora Extras shipped popular package with rootkit and more than ten thousands systems were infected (was Re: Summary from last weeks FESCo meeting)

[Nicolas Mailhot]

Hi,

You don't need complex ACL features to make the current system a lot
more secure. Just :
- ironclad the mail sending on commit
- systematically send a copy of the commit message to the list of
maintainers associated with a package (most maintainers do not have time
to follow the full FE commit list)
- when a package build is requested, send a magic cookie to all the
associated maintainers and the security team and do not push the build
till the cookie is returned by mail by one of them
- setup a webscm somewhere and automatically create user profiles which
include history views of all the packages associated with each
individual FE member.

Because, you know, if we make sure everything which happens is
communicated to the right people before the result is pushed to users
there is absolutely no need to protect against malicious users. Besides
re-reading their changes this will help maintainers catch their own
honest mistakes.

-- 
Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20060601/af9cba59/attachment.sig>