[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Summary from last weeks FESCo meeting

From: Patrice Dumas <pertusus free fr>
To: Discussion related to Fedora Extras <fedora-extras-list redhat com>
Subject: Re: Summary from last weeks FESCo meeting
Date: Wed, 31 May 2006 20:53:04 +0200

> Ohh, sorry, yes, that was a bit misleading. The problem simply is: who
> checks that the md5 sums stored in CVS are fine / those from upstream?
> Nobody. I can upload a new version of package "foo" at any time and
> include a rootkit in the tarball I upload. No one would notice.

Anybody could notice that the source file has changed and could verify that 
the md5sum matches upstream. I don't think that anybody does, however
(I don't ;)...

--
Pat

Follow-Ups:
- Re: Summary from last weeks FESCo meeting
  - From: Michael A. Peters

References:
- Summary from last weeks FESCo meeting
  - From: Thorsten Leemhuis
- Re: Summary from last weeks FESCo meeting
  - From: Michael Schwendt
- Re: Summary from last weeks FESCo meeting
  - From: Thorsten Leemhuis

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]