new features in package CVS
Patrice Dumas
pertusus at free.fr
Wed Jan 31 16:19:48 UTC 2007
On Wed, Jan 31, 2007 at 08:15:41AM -0500, Alan Cox wrote:
> On Wed, Jan 31, 2007 at 08:46:47AM +0100, Hans de Goede wrote:
> > touched in a harmfull way. Just because someone is a beginning packager
> > doesn't mean that he will start submitting random changes to other
> > peoples packages.
>
> Your risk model is wrong. One of your beginning programmers (probably a beginner
> but it could be any of us) gets trojanned. The attacker then inserts a worm
> into the autoconf scripts for that package which goes around committing itself
> to other packages while infecting anyone who builds the package and adding
> backdoors to their machines
That could happen to anybody, and I don't think that it is a practical
attack. In mock, packages are built in a chroot and not by root. We look
(or should look) at the commit list for packages we are interested in.
Trojaned packages would only hurt those who rebuild packages without
looking at the import. In my opinion, and I still may be wrong,
most of the fedora contributors are experienced and less prone to be
hurt by trojans than other people. And lastly I believe is that
upstream sources at least as prone as this kind of attack than a
fedora without ACLs on CVS.
Of course there is still more risks without ACLs on cvs, but I think
that in the balance of risk versus practicability, having something open
is better. For gcc, kernel, libc, maybe perl and python, sure there
could be ACLs, for more collaborative stuff, especially what comes from
fedora extras, I think it is better to keep things open.
--
Pat
More information about the Fedora-maintainers
mailing list