Fedora Legacy advistory list is lacking
Eric Rostetter
rostetter at mail.utexas.edu
Tue Mar 1 16:17:56 UTC 2005
Quoting Marc Deslauriers <marcdeslauriers at videotron.ca>:
> It should NOT be automated. Malicious people would be tempted to sent
> out fake advisories to get them automatically published to the web.
If done by the publisher, then this wouldn't be a problem. If done
via an e-mail subscription, then this is true and a valid issue.
> A manual yes/no is mandatory IMHO.
Well, that's fine, and the way we've been doing it. The problem is, if
I'm the only one doing it, and I leave for a 2 week vacation, what happens?
So far, what happens is this discussion, which is a great start!
I had not thought of the security concerns before. I see this as being
pretty much a show stopper for the automatted e-mail approach. It pushes
it back towards Jesse's idea of the creator of the advisory doing a direct
cvs checkin or something similar.
> Marc.
--
Eric Rostetter
More information about the fedora-legacy-list
mailing list