Update Announcement Format discussion
Warren Togami
warren at togami.com
Mon Jan 12 10:51:32 UTC 2004
Chuck Wolber wrote:
>
> But that's the thing I'm getting at. It's incredibly easy to create a web
> form that looks like a fill-in-the-blanks template. Rather than having to
> resort to some hacked XML format (which would never work with humans at
> the helm), a form template would allow us to 1) separate out the data
> segments so they're individually searchable, 2) ensure that everything
> is consistently formatted and 3) Numbering would be immutably accurate.
>
There are several reasons why this is a bad idea:
1) Advisories just don't happen so often to necessitate this.
2) http://www.fedora.us/LEGACY
Higher priority to actually work on the packages, which have been
stalled there for several days.
3) This is a HUGE security risk. You should never have an important
signing key like advisory or package signing on any Internet accessible
host, especially with the security risk of something like PHP or perl
and apache. The signing key for packages and advisories should be on a
secured host with no public services, used for NO OTHER PURPOSE.
(i.e. fedora.us signing does not happen at www.fedora.us.)
Warren
More information about the fedora-legacy-list
mailing list