Process Change: Package Reviews with Flags
Dominik 'Rathann' Mierzejewski
dominik at greysector.net
Wed Feb 7 16:12:34 UTC 2007
On Wednesday, 07 February 2007 at 15:51, Jesse Keating wrote:
> On Wednesday 07 February 2007 07:54, Roozbeh Pournader wrote:
> > These rants are of course relevant only because I was the person whose
> > laptop with the SSH keys was stolen, which could theoretically be used
> > to find a way into the Extras system. The keys were of course password
> > protected and I reported the situation to Fedora people as soon as
> > possible on IRC, by email, and every other way I thought before a brute
> > force could be used to find the passwords, but if we want to think about
> > all the possible scenarios, a targeted attack could even have used my
> > collaboration.
> >
> > Theoretically, someone may still use physical force on me and get me to
> > type my password and insert whatever code he sees appropriate where he
> > wishes. Do I value the security of Fedora users more than my life or my
> > family's? Definitely not!
>
> It is not so much about somebody stealing your account, it's about somebody
> going through the process to create their _own_ account. Once that has been
> done ( and we keep wanting to LOWER the barrier for this!! ), if there are no
> barriers in place, that person can now run roughshod all over all the
> packages, making any changes they want, building anything they want, causing
> automated pushes to push out whatever they built, leading to people grabbing
> packages and getting rooted,

That won't happen THAT easily. Isn't the sign-and-push process manual?
Aren't the people who handle it supposed to check what they sign?

> or even worse, insert some small thing in a package that gets pulled into
> most buildroots that will further taint any more builds. Could be hard
> to detect until it is far far too late.

It would be stopped at the sign-and-push stage at worst. I'm sure there are
many eyes following the cvs commits list. It would be spotted quite fast
IMHO.

> With proper barriers in place, the most damage a rogue user can do is to
> their own package, or to any packages foolishly left wide open.

I don't really mind the ACLs as much as I do mind having to go through
another approval (for CVS import) after my package has ALREADY been
APPROVED.

Regards,
R.
--
Fedora Extras contributor http://fedoraproject.org/wiki/DominikMierzejewski
Livna contributor http://rpm.livna.org MPlayer developer http://mplayerhq.hu
"Faith manages."
-- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"