On Fri, Aug 17, 2018 at 2:08 PM Richard W.M. Jones <rjones@redhat.com> wrote:

While I agree that this is a good idea, I have one note of caution:
What's to stop someone adding a malicious package which did something
like ‘Provides: glibc’ and subsequently infects everyone's machine?
I think we'd want to consider the security implications of accepting
packages after only automated review.


Literally nothing prevents a packager from doing this *today*. As soon as package-review is complete and the dist-git repo is created, the packager can make whatever changes they want and push it with impunity.

Let’s be wary of the Nirvana Fallacy while discussing this: a perfect solution doesn’t need to be found before implementing one that improves on the current state.

That being said, it wouldn’t be particularly difficult for the review script to run `dnf repoquery --whatprovides` for everything this new package provides and fail if it replaces something else without Obsoletes.




Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/YQDW7BJDV46ZBW5VEJU6UKK3JSA2D4QO/