Re: Fedora Legacy advistory list is lacking

[Eric Rostetter <rostetter mail utexas edu>]

Quoting Marc Deslauriers <marcdeslauriers videotron ca>:

> It should NOT be automated. Malicious people would be tempted to sent
> out fake advisories to get them automatically published to the web.

If done by the publisher, then this wouldn't be a problem.  If done
via an e-mail subscription, then this is true and a valid issue.

> A manual yes/no is mandatory IMHO.

Well, that's fine, and the way we've been doing it.  The problem is, if
I'm the only one doing it, and I leave for a 2 week vacation, what happens?
So far, what happens is this discussion, which is a great start!

I had not thought of the security concerns before.  I see this as being
pretty much a show stopper for the automatted e-mail approach.  It pushes
it back towards Jesse's idea of the creator of the advisory doing a direct
cvs checkin or something similar.

> Marc.

-- 
Eric Rostetter