new features in package CVS
Dominik 'Rathann' Mierzejewski
dominik at greysector.net
Wed Jan 31 15:24:46 UTC 2007
On Wednesday, 31 January 2007 at 16:23, Till Maas wrote:
> On Wednesday 31 January 2007 16:19, Dan Williams wrote:
>
> > Right, but anyone can request a build from any tag at any time. So if
> > you tag something, but don't build it, then figure out that a security
> > issues requires a new version, somebody else could have built your other
> > one in the mean time. The attack is a lot less serious than allowing
> > anyone to build anything, of course (since only the package owner can
> > tag) but it does leave a few "holes" like this lying around.
>
> Is there any reason to tag something other than to build it? If there is not
> than maybe it would be better to reduce complexity and add the functionality
> of "make tag" to "make build".
Seconded. I always do "make tag build" anyway.
Regards,
R.
--
Fedora Extras contributor http://fedoraproject.org/wiki/DominikMierzejewski
Livna contributor http://rpm.livna.org MPlayer developer http://mplayerhq.hu
"Faith manages."
-- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"
More information about the Fedora-maintainers
mailing list