new features in package CVS

Josh Boyer jwboyer at jdub.homelinux.org
Wed Jan 31 18:51:40 UTC 2007


On Wed, 2007-01-31 at 09:45 -0800, David Lutterkort wrote:
> On Wed, 2007-01-31 at 07:55 -0800, Christopher Stone wrote:
> > And people at redhat are completely immune to such attacks while the
> > extra packagers are so nieve that it is very likely to happen once we
> > open up the core cvs.
> 
> Don't look at this as a Red Hat vs. the rest of the world thing: even
> though I have a redhat.com mailing address, I don't expect to get commit
> access to the kernel, or glibc or 99% of the rest of the Fedora
> packages. 
> 
> And I don't want it: not having that access limits the things I need to
> worry about if my account gets compromised. My packages could still have
> been messed with, but at least it won't ripple into _all_ of Fedora
> needing an audit to make sure that a break into my account didn't
> compromise the distro.

This is, perhaps, the sanest explanation of why the ACLs aren't entirely
a bad thing.

Thanks,
josh




More information about the Fedora-maintainers mailing list