Proposal: Discourage rpmbuild --sign
Willem Riede
wrrhdev at riede.org
Wed Dec 31 20:30:36 UTC 2003
On 2003.12.31 14:19, Rui Miguel Seabra wrote:
> On Wed, 2003-12-31 at 19:02, Willem Riede wrote:
> > On 2003.12.31 12:24, Rui Miguel Seabra wrote:
> > While that is a good practice, is it sufficient? How do you know that the
> > package you just attached your reputation to (by signing with your key)
> > isn't going to trash or take over the system of any user that installs it?
>
> Because I trust in the fellowship that develops AbiWord and from close
> contact.
>
> OF COURSE it is not sufficient, please read
>
> http://www.acm.org/classics/sep95/
>
> to grasp how bad it _IS_POSSIBLE_ to be.
>
> Now define a level you can live with and start reasoning from there.
>
> OF COURSE it is not sufficient, but it's one more layer that should be
> added and doesn't penalize efficiency.
Thank you. Which brings me to my point. The original proposals to refuse
to build as root and to discourage using --sign are in and of themselves
inadequate. Novices that would rely on them would have a false sense of
security. The only thing that works is properly educated users that use
precautions that are appropriate for the task at hand.
Forcing a specific partial policy on all users is not what I want to see.
Regards, Willem Riede.
More information about the fedora-devel-list
mailing list