QA process was Re: RPM submission procedure
Enrico Scholz
enrico.scholz at informatik.tu-chemnitz.de
Thu Jan 8 20:15:41 UTC 2004
toshio at tiki-lounge.com (Toshio) writes:
> This isn't secure. If I, the packager, am trying to crack your
> autobuilder, I can use a
> Source0: http://cracks.com/autorootkit-1.0.tar.gz
A buildsystem MUST resist against such attacks. See the "upstream author"
part in
http://www.tu-chemnitz.de/~ensc/fedora.us-build/html/index.html
Despite this, there must be made some precautions to limit effects of
exploits. Recent events do not give me a good feeling regarding Linux's
resistance against local exploits.
Enrico
More information about the devel
mailing list