ACL removal day?!
Ralf Corsepius
rc040203 at freenet.de
Wed Jun 20 15:22:28 UTC 2007
On Wed, 2007-06-20 at 11:18 -0400, Alan Cox wrote:
> On Wed, Jun 20, 2007 at 04:56:58PM +0200, Ralf Corsepius wrote:
> > 1. He needs to be a Linux user
> > 2. He needs to be deeply familiar with the Fedora build-system.
> > 3. He will have to crack your passwords/ssh-phrases
>
> All false
>
> He needs to be a
> 1. Trojan script
> 2. Have been scripted to attack Fedora, or generically attack cvs
> 3. Steal your ssh keys automatically via patched tools
Or a man-in-the middle attack ... in such cases ACL's won't help at all.
> Its a minor perl problem to produce such a tool and just wait for a Fedora
> developer to catch it, then it can merge itself from one project into the
> next and infect the next person whol builds it on their own box and so on
> and so forth.
Ralf
More information about the Fedora-maintainers
mailing list