FAKE: Fedora Extras shipped popular package with rootkit and more than ten thousands systems were infected (was Re: Summary from last weeks FESCo meeting)
Christian.Iseli at licr.org
Fri Jun 2 08:45:11 UTC 2006
Nicolas Mailhot wrote:
> - when a package build is requested, send a magic cookie to all the
> associated maintainers and the security team and do not push the build
> till the cookie is returned by mail by one of them
I rather like the idea. I wonder how hard it'd be for that email to contain a
diff between:
- the spec file of the package currently in the repo
- the spec file that'll be used in the build request
That way, nasty changes in the spec would become fairly obvious...
Cheers,
Christian
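
Added example, not part of the original message and not code from the Fedora build system: a sketch of the confirmation mail discussed above, carrying the magic cookie and a unified diff between the spec in the repo and the spec in the build request. It goes one step beyond the plain diff by also listing changed `Source`/`Patch`/`URL` tags and install scriptlets; all function names and the sample specs are hypothetical.

```python
import difflib, re, secrets
from email.message import EmailMessage

# Spec parts that decide what gets fetched and what runs as root at install time.
SCRIPTLET = re.compile(r"^%(pre|post|preun|postun|pretrans|posttrans|trigger\w*)\b")
SECTION = re.compile(r"^%(description|package|prep|build|install|check|clean|files|changelog)\b")
ORIGIN = re.compile(r"^(Source\d*|Patch\d*|URL)\s*:", re.I)

def risky_parts(spec):
    """Map origin tags and scriptlet headers to their content."""
    parts, current = {}, None
    for line in spec.splitlines():
        if SCRIPTLET.match(line):
            current = line.strip()
            parts[current] = ""
        elif SECTION.match(line):
            current = None
        elif current:
            parts[current] += line + "\n"
        elif (m := ORIGIN.match(line)):
            parts[m.group(1)] = line.split(":", 1)[1].strip()
    return parts

def changed_risky(old_spec, new_spec):
    """Names of origin tags / scriptlets that differ between the two specs."""
    old, new = risky_parts(old_spec), risky_parts(new_spec)
    return sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))

def review_mail(package, old_spec, new_spec, cookie=None):
    """Build the confirmation mail: cookie, flagged parts, full unified diff."""
    cookie = cookie or secrets.token_hex(16)
    diff = "\n".join(difflib.unified_diff(
        old_spec.splitlines(), new_spec.splitlines(),
        fromfile=f"{package}.spec (repo)",
        tofile=f"{package}.spec (build request)", lineterm=""))
    flagged = changed_risky(old_spec, new_spec)
    msg = EmailMessage()
    msg["Subject"] = f"Build request for {package}: return cookie {cookie} to release"
    msg.set_content("Changed source origins / install scriptlets: "
                    + (", ".join(flagged) or "none") + "\n\n"
                    + (diff or "(spec unchanged)") + "\n")
    return msg, cookie, flagged

# Constructed sample specs (not from any real package).
OLD = ("Name: foo\nVersion: 1.0\nSource0: http://example.org/foo-1.0.tar.gz\n"
       "%description\nFoo tool.\n%prep\n%setup -q\n"
       "%post\n/sbin/ldconfig\n%files\n%{_bindir}/foo\n")
NEW = OLD.replace("example.org", "mirror.example.net").replace(
    "/sbin/ldconfig\n", "/sbin/ldconfig\n/usr/bin/foo-setup --quiet\n")

if __name__ == "__main__":
    print(review_mail("foo", OLD, NEW)[0])
```

A spec diff only covers the spec itself; a changed tarball or patch behind an unchanged `Source` line would need a checksum comparison as well.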