FAKE: Fedora Extras shipped popular package with rootkit and more than ten thousands systems were infected (was Re: Summary from last weeks FESCo meeting)

Ville Skyttä ville.skytta at iki.fi
Thu Jun 1 17:24:42 UTC 2006 

On Thu, 2006-06-01 at 18:46 +0200, Thorsten Leemhuis wrote:
> Am Donnerstag, den 01.06.2006, 19:26 +0300 schrieb Ville Skyttä:

> > This topic surfaces every now and then, often to be quickly countered
> > with "what do you need, just do it", which to my knowledge has not been
> > really answered.  Come on, what is there really to "drive forward" in
> > this?
> 
> Mainly this (or parts of it; or parts now, others later):

(I don't feel like reading the linked messages right now, so I'll throw
some off-the-cuff solutions.)

> - Allow new contributors to start as Co-Maintainers:
> https://www.redhat.com/archives/fedora-extras-list/2006-May/msg00506.html

Existing maintainer proxies the newcomer's commits for a while, then
starts to sponsor him at which point the newcomer gets commit access,
then proceed as usual.

> - Proposal from Patrice with a lot of good ideas:
> https://www.redhat.com/archives/fedora-extras-list/2006-April/msg00962.html

Much too long for me to read now.

> - a way to mark "Maintainer foo works on FC5 and devel, Maintainer bar
> on FC3 and FC4" in owners.list

Assuming this is only for being auto-Cc'd/assigned in Bugzilla for new
reports: how many packages are there that receive that many bug reports
that it wouldn't work to just be Cc'd/assigned on all of them, even if
one is maintaining only specific branch(es)?  Why wouldn't someone who
maintains a package only for a subset of branches be insterested in
hearing about all bug reports on the package?

> - A proper policy in the wiki.

Link to this post :)

> [about CVS ACLs:] Sounds really good to me. BTW, I'd say sponsors should also get access
> everywhere. But the scripts need to be written and somebody has to do
> the work.

And with change to another scm looming, the number of folks potentially
interested in spending time with that is rapidly approaching zero ->
back to square one, I'm afraid...

More information about the fedora-extras-list mailing list