Mailinglist Archive: opensuse-factory (471 mails)

Re: [opensuse-factory] Security Implications of opening Factory
  • From: "Karsten König" <remur@xxxxxxx>
  • Date: Wed, 10 Jun 2009 20:22:19 +0200
  • Message-id: <20090610182219.305830@xxxxxxx>
- Review tarballs for malicious code. Very hard.

The tarball to be used often has an md5 sum or other hash on the project download page,
why not introduce a hashfield for every source in the spec that needs to match
the hashsum of the tarball, so a reviewer only needs to verify the hashsums in
the .spec files match the ones from the project download page, then the ball about
malicious code is upstream =)


Karsten
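
A sketch of the per-source hash check proposed in the message above, as an added example that is not part of the original mail or of any openSUSE tooling. It assumes a hypothetical `# SourceN-sha256:` comment convention in the .spec file (RPM has no such field) and uses SHA-256 rather than md5; the file names, URLs and contents are constructed sample data.

```python
import hashlib
import hmac
import re

# Hypothetical convention (not an RPM feature): a comment line
# "# SourceN-sha256: <hex>" carries the upstream hash for "SourceN:".
SOURCE_RE = re.compile(r"^Source(\d*):\s*(\S+)", re.M)
HASH_RE = re.compile(r"^#\s*Source(\d*)-sha256:\s*([0-9a-fA-F]{64})\s*$", re.M)

def parse_spec(spec_text):
    """Map source index -> (file name, expected hash or None). No macro expansion."""
    hashes = {int(i or 0): h.lower() for i, h in HASH_RE.findall(spec_text)}
    sources = {}
    for i, url in SOURCE_RE.findall(spec_text):
        idx = int(i or 0)
        sources[idx] = (url.rsplit("/", 1)[-1], hashes.get(idx))
    return sources

def verify_sources(spec_text, read_file):
    """Check every source; read_file(name) returns the file's bytes."""
    results = []
    for _, (name, expected) in sorted(parse_spec(spec_text).items()):
        if expected is None:
            results.append((name, "MISSING-HASH"))  # fail closed: unpinned source
            continue
        try:
            actual = hashlib.sha256(read_file(name)).hexdigest()
        except (KeyError, OSError):
            results.append((name, "MISSING-FILE"))
            continue
        ok = hmac.compare_digest(actual, expected)
        results.append((name, "OK" if ok else "MISMATCH"))
    return results

# Constructed sample data: fake tarball contents and a spec that pins them.
FILES = {"foo-1.0.tar.gz": b"constructed tarball bytes",
         "foo-extra.tar.gz": b"tampered contents"}
SPEC = f"""Name: foo
Version: 1.0
# Source0-sha256: {hashlib.sha256(FILES['foo-1.0.tar.gz']).hexdigest()}
Source0: http://upstream.example/foo-1.0.tar.gz
# Source1-sha256: {hashlib.sha256(b'what upstream published').hexdigest()}
Source1: http://upstream.example/foo-extra.tar.gz
Source2: foo.conf
"""

if __name__ == "__main__":
    for name, status in verify_sources(SPEC, FILES.__getitem__):
        print(f"{status:13} {name}")
```

The check only shows that the packaged tarball is the one upstream published; the reviewer still has to compare the pinned hashes against the project download page.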