Re: Proposal: Discourage rpmbuild --sign
- From: Willem Riede <wrrhdev riede org>
- To: fedora-devel-list redhat com
- Subject: Re: Proposal: Discourage rpmbuild --sign
- Date: Wed, 31 Dec 2003 15:30:36 -0500

On 2003.12.31 14:19, Rui Miguel Seabra wrote:
> On Wed, 2003-12-31 at 19:02, Willem Riede wrote:
> > On 2003.12.31 12:24, Rui Miguel Seabra wrote:
> > While that is a good practice, is it sufficient? How do you know that the
> > package you just attached your reputation to (by signing with your key)
> > isn't going to trash or take over the system of any user that installs it?
>
> Because I trust in the fellowship that develops AbiWord and from close
> contact.
>
> OF COURSE it is not sufficient, please read
>
> http://www.acm.org/classics/sep95/
>
> to grasp how bad it _IS_POSSIBLE_ to be.
>
> Now define a level you can live with and start reasoning from there.
>
> OF COURSE it is not sufficient, but it's one more layer that should be
> added and doesn't penalize efficiency.

Thank you. Which brings me to my point. The original proposals to refuse
to build as root and to discourage using --sign are in and of themselves
inadequate. Novices that would rely on them would have a false sense of
security. The only thing that works is properly educated users that use
precautions that are appropriate for the task at hand.

Forcing a specific partial policy on all users is not what I want to see.

Regards, Willem Riede.