You may want to see if there is anything to worry about from a report a security problem with copr.
See https://discussion.fedoraproject.org/t/fedora-vulnerability-report/137495
Barry
On úterý 19. listopadu 2024 12:57:05, středoevropský standardní čas Barry Scott via copr-devel wrote:
You may want to see if there is anything to worry about from a report a security problem with copr.
See https://discussion.fedoraproject.org/t/fedora-vulnerability-report/137495
Hello Barry, thank you for forwarding this. The report does not appear to be security-related, as it is expected that users have (for RPM builds necessary) full access to the Copr builder. However, I did report [1] because it would be much better if we had some commit-ish validation in place.
[1] https://github.com/fedora-copr/copr/issues/3516
Pavel
Barry
On středa 20. listopadu 2024 8:16:40, středoevropský standardní čas Pavel Raiskup wrote:
On úterý 19. listopadu 2024 12:57:05, středoevropský standardní čas Barry Scott via copr-devel wrote:
You may want to see if there is anything to worry about from a report a security problem with copr.
See https://discussion.fedoraproject.org/t/fedora-vulnerability-report/137495
Hello Barry, thank you for forwarding this. The report does not appear to be security-related, as it is expected that users have (for RPM builds necessary) full access to the Copr builder. However, I did report [1] because it would be much better if we had some commit-ish validation in place.
For the next time I enabled the vulnerability reporting feature on GitHub: https://github.com/fedora-copr/copr/security
Pavel
Pavel
Barry
copr-devel@lists.fedorahosted.org
-
Barry Scott -
Pavel Raiskup