Security release criterion proposal
Björn Persson
bjorn at xn--rombobjrn-67a.se
Fri May 20 23:24:13 UTC 2011
Adam Williamson wrote:
> # There must be no known remote code execution vulnerability which could
> be exploited during installation or during use of a live image shipped
> with the release
If the installer would download packages during the installation, and an
attacker could trick it into downloading and installing malicious code that
would run as root once the installed system booted, would that match this
criterion?
Because then I'd say yes, let's make this an alpha release criterion – and
finally do something about bug 998 before F16 alpha.
Björn Persson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20110521/6ecefc71/attachment-0001.bin
More information about the devel
mailing list