new features in package CVS
Till Maas
opensource at till.name
Wed Jan 31 15:23:17 UTC 2007
On Wednesday 31 January 2007 16:19, Dan Williams wrote:
> Right, but anyone can request a build from any tag at any time. So if
> you tag something, but don't build it, then figure out that a security
> issues requires a new version, somebody else could have built your other
> one in the mean time. The attack is a lot less serious than allowing
> anyone to build anything, of course (since only the package owner can
> tag) but it does leave a few "holes" like this lying around.
Is there any reason to tag something other than to build it? If there is not
than maybe it would be better to reduce complexity and add the functionality
of "make tag" to "make build".
Regards,
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-maintainers/attachments/20070131/adde81e4/attachment.sig>
More information about the Fedora-maintainers
mailing list