[Fedora-legacy-list] Trust Issues (was: Re: System)

David J. Bianco bianco at jlab.org
Tue Nov 4 21:13:12 UTC 2003


Warren Togami wrote:
 > fedora.us and I believe Legacy should REFUSE to publish anything that
 > has not been thoroughly checked by more than one trusted person.  This
 > is especially important for Legacy because far fewer people would be
 > doing quality assurance and real world testing.

Another emphatic YES from me.  If we expect people to trust us for security
patches, we must provide them with some assurance that a) the fix works, and
b) it does not contain malicious code.  Neither of these determinations
should be left up to a single person, and CERTAINLY not to the person who
submits the patch.

I imagine the other Fedora developers are planning to address this problem,
since they also have to distribute code supplied by their semi-anonymous
developer community.  Does anyone know how they plan to handle things?

	David

-- 
David J. Bianco, GSEC GCUX GCIH		<bianco at jlab.org>
Thomas Jefferson National Accelerator Facility
GPG Fingerprint:  516A B80D AAB3 1617 A340  227A 723B BFBE B395 33BA

      The views expressed herein are solely those of the author and
	    not those of SURA/Jefferson Lab or the US DOE.




