Mailinglist Archive: opensuse-buildservice (349 mails)

< Previous Next >
Re: [opensuse-buildservice] Re: How secure is openSUSE build service?
  • From: Adrian Schröter <adrian@xxxxxxx>
  • Date: Thu, 1 Nov 2007 09:09:30 +0100
  • Message-id: <200711010909.30703.adrian@xxxxxxx>
On Thursday 01 November 2007 09:01:27 wrote Aniruddha:
...

"Something" must be *terribly* wrong somewhere as no "problems" I am
aware have been made public.

That is no argument. Right now apparently openSUSE has a big gaping
security hole which can be exploited in the future. And who should make
us aware of "problems" when none checks the repos' anyways?

Not more or less than installing the software from somewhere else ...

But I agree that this could be way more transparent, we did plan to create
a "trust" portal from the beginning, it is just work to do so.

As long as we want to have lots of software and always the latest version, the
user needs to decide if he trust it. But we can help him here.

I understand your concern, you have NO trust of anyone. I believe
there is a word for that, but....

Trust is no replacement of good security policies.

Well, a policy helps you nothing, if you do not trust the people. They can
ignore it easily.

bye
adrian

--

Adrian Schroeter
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
email: adrian@xxxxxxx

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups