Fedora Legacy advistory list is lacking
Dominic Hargreaves
dom at earth.li
Tue Mar 1 15:25:44 UTC 2005
On Tue, Mar 01, 2005 at 08:05:12AM -0500, Marc Deslauriers wrote:
> It should NOT be automated. Malicious people would be tempted to sent
> out fake advisories to get them automatically published to the web.
> Heck, they could even embed some php in them to try and compromise the
> server.
>
> A manual yes/no is mandatory IMHO.
Well, gpg verify from a known builder of updates. But yes, I agree.
It would be nice if the known builders were able to publish to the web
site and push package updates to the download server, too, of course ;)
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
More information about the fedora-legacy-list
mailing list