Mailinglist Archive: opensuse-buildservice (349 mails)

< Previous Next >
[opensuse-buildservice] Re: How secure is openSUSE build service?
  • From: Guenter Dannoritzer <kratfkryksqq@xxxxxxxxxxxxx>
  • Date: Thu, 01 Nov 2007 11:50:04 +0100
  • Message-id: <fgcb0s$2bb$1@xxxxxxxxxxxxx>
Aniruddha wrote:

[...]

I think it would be best to enlarge the packages that belong in the main
distro. Since openSUSE became open source this really should be possible
(one team focus on packaging another one putting the packages together
for a new distro).

No way. Now you are digging the security hole. What you have now is a
fairly secure distribution with a set of core packages. Every repository
you add from the build service is up to your trust.

I see that as a security policy. The big point is that I trust the core
distribution. If you now add more packages to the core distribution, it
will suffer in quality and security unless you increase the core team to
handle the increased number of packages.

Instead it would be rather good to add some review policy for the build
service, independent of the core distribution. That review team would
give some quality and security certificates to packages.

Cheers,

Guenter

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups