FAKE: Fedora Extras shipped popular package with rootkit and more than ten thousands systems were infected (was Re: Summary from last weeks FESCo meeting)
Ville Skyttä
ville.skytta at iki.fi
Thu Jun 1 17:24:42 UTC 2006
On Thu, 2006-06-01 at 18:46 +0200, Thorsten Leemhuis wrote:
> Am Donnerstag, den 01.06.2006, 19:26 +0300 schrieb Ville Skyttä:
> > This topic surfaces every now and then, often to be quickly countered
> > with "what do you need, just do it", which to my knowledge has not been
> > really answered. Come on, what is there really to "drive forward" in
> > this?
>
> Mainly this (or parts of it; or parts now, others later):
(I don't feel like reading the linked messages right now, so I'll throw
some off-the-cuff solutions.)
> - Allow new contributors to start as Co-Maintainers:
> https://www.redhat.com/archives/fedora-extras-list/2006-May/msg00506.html
Existing maintainer proxies the newcomer's commits for a while, then
starts to sponsor him at which point the newcomer gets commit access,
then proceed as usual.
> - Proposal from Patrice with a lot of good ideas:
> https://www.redhat.com/archives/fedora-extras-list/2006-April/msg00962.html
Much too long for me to read now.
> - a way to mark "Maintainer foo works on FC5 and devel, Maintainer bar
> on FC3 and FC4" in owners.list
Assuming this is only for being auto-Cc'd/assigned in Bugzilla for new
reports: how many packages are there that receive that many bug reports
that it wouldn't work to just be Cc'd/assigned on all of them, even if
one is maintaining only specific branch(es)? Why wouldn't someone who
maintains a package only for a subset of branches be insterested in
hearing about all bug reports on the package?
> - A proper policy in the wiki.
Link to this post :)
> [about CVS ACLs:] Sounds really good to me. BTW, I'd say sponsors should also get access
> everywhere. But the scripts need to be written and somebody has to do
> the work.
And with change to another scm looming, the number of folks potentially
interested in spending time with that is rapidly approaching zero ->
back to square one, I'm afraid...
More information about the fedora-extras-list
mailing list