Mailinglist Archive: opensuse-buildservice (349 mails)

< Previous Next >
Re: [opensuse-buildservice] Re: How secure is openSUSE build service?
  • From: Aniruddha <mailing_list@xxxxxxxxx>
  • Date: Thu, 01 Nov 2007 09:42:58 +0100
  • Message-id: <1193906578.3576.149.camel@xxxxxxxxxxxx>
On Thu, 2007-11-01 at 09:09 +0100, Adrian Schröter wrote:
On Thursday 01 November 2007 09:01:27 wrote Aniruddha:

"Something" must be *terribly* wrong somewhere as no "problems" I am
aware have been made public.

That is no argument. Right now apparently openSUSE has a big gaping
security hole which can be exploited in the future. And who should make
us aware of "problems" when none checks the repos' anyways?

Not more or less than installing the software from somewhere else ...

But I agree that this could be way more transparent, we did plan to create
a "trust" portal from the beginning, it is just work to do so.

As long as we want to have lots of software and always the latest version,
user needs to decide if he trust it. But we can help him here.

Agreed, maybe it is a good idea to enhance the roadmap with planned
security features. If I can help in any way (I am not a programmer) just
let me know. I would love to help think about the security features
enhancements for the openSUSE buildservice.

I understand your concern, you have NO trust of anyone. I believe
there is a word for that, but....

Trust is no replacement of good security policies.

Well, a policy helps you nothing, if you do not trust the people. They can
ignore it easily.

Off course, however a system that moves a package form experimental to
unstable etc. can be considered safer then a system that offers packages
from one repository with 1-Click without such checks. That's what I
meant with 'policy'.



Please adhere to the OpenSUSE_mailing_list_netiquette

To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
List Navigation