new features in package CVS

Dominik 'Rathann' Mierzejewski dominik at greysector.net
Wed Jan 31 15:24:46 UTC 2007


On Wednesday, 31 January 2007 at 16:23, Till Maas wrote:
> On Wednesday 31 January 2007 16:19, Dan Williams wrote:
> 
> > Right, but anyone can request a build from any tag at any time.  So if
> > you tag something, but don't build it, then figure out that a security
> > issues requires a new version, somebody else could have built your other
> > one in the mean time.  The attack is a lot less serious than allowing
> > anyone to build anything, of course (since only the package owner can
> > tag) but it does leave a few "holes" like this lying around.
> 
> Is there any reason to tag something other than to build it? If there is not 
> than maybe it would be better to reduce complexity and add the functionality 
> of "make tag" to "make build".

Seconded. I always do "make tag build" anyway.

Regards,
R.

-- 
Fedora Extras contributor  http://fedoraproject.org/wiki/DominikMierzejewski
Livna contributor http://rpm.livna.org MPlayer developer http://mplayerhq.hu
"Faith manages."
        -- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"




More information about the Fedora-maintainers mailing list