new features in package CVS

Callum Lerwick seg at haxxed.com
Thu Feb 1 16:14:01 UTC 2007


On Wed, 2007-01-31 at 08:15 -0500, Alan Cox wrote:
> Your risk model is wrong. One of your beginning programmers (probably a beginner
> but it could be any of us) gets trojanned. The attacker then inserts a worm
> into the autoconf scripts for that package which goes around committing itself
> to other packages while infecting anyone who builds the package and adding
> backdoors to their machines

Because a bazillion suspicious commits across thousands of packages from
the same person would NEVER get noticed before the repo push...

The place to stop this is to have package signing/pushes continue to be
a manual process in some way. If something suspicious happens, just
don't push the packages to the repos until you're certain you can trust
them.

I feel fascist ACLs everywhere are damaging to the community. It's a big
glowing neon sign saying we DON'T trust each other. It only hides
problems. It's the difference between being in the same room with a bunch
of people, each holding a knife, and everyone locking themselves in
separate rooms holding a knife. Sure, you might not get stabbed in the
back right away, but for all you know, someone else might be sitting in
their room, stewing and frothing, just waiting for the chance to stab
you in the back the second you open the door. I'd rather, err, get
stabbed in the back right away. I guess. Okay so that's a bizarre
analogy but it's all I can think of right now...

... On the other hand, I don't think locking down certain critical
packages, like the gcc toolchain and the kernel, is entirely
unreasonable.

The key here is we should have the tools for detection and prevention to
be a community process. It should be a HUMAN process based on trust, not
a distrustful, paranoid process based on barriers, fences and walls.