Re: FAKE: Fedora Extras shipped popular package with rootkit and more than ten thousands systems were infected (was Re: Summary from last weeks FESCo meeting)
- From: Hans de Goede <j w r degoede hhs nl>
- To: Discussion related to Fedora Extras <fedora-extras-list redhat com>
- Subject: Re: FAKE: Fedora Extras shipped popular package with rootkit and more than ten thousands systems were infected (was Re: Summary from last weeks FESCo meeting)
- Date: Fri, 02 Jun 2006 10:21:30 +0200
Nicolas Mailhot wrote:
> Hi,
>
> You don't need complex ACL features to make the current system a lot
> more secure. Just :
> - ironclad the mail sending on commit
> - systematically send a copy of the commit message to the list of
> maintainers associated with a package (most maintainers do not have time
> to follow the full FE commit list)
> - when a package build is requested, send a magic cookie to all the
> associated maintainers and the security team and do not push the build
> till the cookie is returned by mail by one of them
> - setup a webscm somewhere and automatically create user profiles which
> include history views of all the packages associated with each
> individual FE member.
>
> Because, you know, if we make sure everything which happens is
> communicated to the right people before the result is pushed to users
> there is absolutely no need to protect against malicious users. Besides
> re-reading their changes this will help maintainers catch their own
> honest mistakes.
>
>
Very very good idea! + a zillion.
One note though:
> - systematically send a copy of the commit message to the list of
> maintainers associated with a package (most maintainers do not have time
> to follow the full FE commit list)
I think this should include the sponsor too (for a sponsor-configurable
amount of time from the sponsoring).
Regards,
Hans
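As an added illustration (not code from the thread or from Fedora's infrastructure) of the build-gating idea above: a build request mints a cookie that is mailed to the package's maintainers, the security team and, per Hans's note, a recent sponsor; the build is released only when one of them mails that exact cookie back, once, before it expires. The key, addresses and sponsorship window are constructed for the demo, and it assumes the mail system authenticates the sender (the From header of an unsigned mail proves nothing).

```python
import hashlib
import hmac
import secrets


class BuildGate:
    """Holds a requested build until one authorized person mails back its cookie."""

    def __init__(self, key, security_team, ttl=48 * 3600, sponsor_window=90 * 86400):
        self.key = key                          # server-side secret, constructed for the demo
        self.security_team = set(security_team)
        self.ttl = ttl                          # seconds before an unreturned cookie lapses
        self.sponsor_window = sponsor_window    # sponsor-configurable time after sponsoring
        self.pending = {}                       # cookie_id -> (package, approvers, expiry)

    def _mac(self, cookie_id, package):
        # Bind the cookie to the package so it cannot be reused for another build.
        msg = f"{cookie_id}:{package}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def request_build(self, package, maintainers, sponsorships, now):
        """sponsorships maps maintainer -> (sponsor, time sponsored); returns (cookie, recipients)."""
        approvers = set(maintainers) | self.security_team
        for m in maintainers:
            sponsor, since = sponsorships.get(m, (None, 0))
            if sponsor and now - since < self.sponsor_window:
                approvers.add(sponsor)          # sponsor still watches a newly sponsored member
        cookie_id = secrets.token_hex(8)        # unguessable handle for this request
        self.pending[cookie_id] = (package, approvers, now + self.ttl)
        cookie = f"{cookie_id}.{self._mac(cookie_id, package)}"
        return cookie, sorted(approvers)        # the cookie is mailed to every approver

    def approve(self, sender, cookie, now):
        """True (and the build is released) only for a valid, fresh, first-time reply."""
        try:
            cookie_id, mac = cookie.split(".", 1)
        except ValueError:
            return False
        entry = self.pending.get(cookie_id)
        if entry is None:
            return False                        # unknown, already used, or never issued
        package, approvers, expiry = entry
        if now > expiry or sender not in approvers:
            return False
        if not hmac.compare_digest(mac, self._mac(cookie_id, package)):
            return False                        # forged or tampered cookie
        del self.pending[cookie_id]             # one-shot: a replayed cookie releases nothing
        return True
```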