On Mon, Oct 04, 2021 at 09:17:30PM +0200, Vitaly Zaitsev via devel wrote:
>Is this really necessary?
Yes. Because anyone can add something like this:
%post
rm -rf /
And it will destroy the installed system or even the hardware.
Yeah, but... that's not going get through the PR process? In fact, that
specific thing should fail in CI before a human gets to it even.
Overall, we put a lot of trust in maintainers. I don't see this _particular_
route as a likely one for violating that trust.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader