Mailinglist Archive: opensuse-factory (471 mails)
Re: [opensuse-factory] Security Implications of opening Factory
- From: "Karsten König" <remur@xxxxxxx>
- Date: Wed, 10 Jun 2009 20:22:19 +0200
- Message-id: <20090610182219.305830@xxxxxxx>
- Review tarballs for malicious code. Very hard.
The tarball to be used often has an md5 sum or other hash on the project download page,
so why not introduce a hash field for every source in the spec that needs to match
the hash sum of the tarball, so a reviewer only needs to verify that the hash sums in
the .spec files match the ones from the project download page? Then the ball about
malicious code is upstream =)
Karsten
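
An added example, not part of the original mail or of any openSUSE tooling: a sketch of the check the proposal implies, where every `SourceN` line in a spec needs a matching hash field and the tarball on disk must hash to that value. The `SourceNHash: <algorithm>:<hex digest>` syntax, the file names and the spec text are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Hypothetical field (an assumption, not an RPM tag): SourceNHash: <algorithm>:<hex digest>
SOURCE_RE = re.compile(r"^Source(\d*):[ \t]*(\S+)", re.I | re.M)
HASH_RE = re.compile(r"^Source(\d*)Hash:[ \t]*(\w+):([0-9a-f]+)[ \t]*$", re.I | re.M)

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_spec_sources(spec_text, source_dir):
    """Map each SourceN number to ok / mismatch / no-hash / bad-algo / missing-file."""
    hashes = {n or "0": (a.lower(), d.lower()) for n, a, d in HASH_RE.findall(spec_text)}
    results = {}
    for n, location in SOURCE_RE.findall(spec_text):
        n = n or "0"
        path = Path(source_dir) / location.rsplit("/", 1)[-1]  # URL or bare file name
        algo, expected = hashes.get(n, (None, None))
        if algo is None:
            results[n] = "no-hash"  # a reviewer has nothing to compare upstream against
        elif algo not in hashlib.algorithms_available:
            results[n] = "bad-algo"
        elif not path.is_file():
            results[n] = "missing-file"
        else:
            results[n] = "ok" if file_digest(path, algo) == expected else "mismatch"
    return results

def demo():
    """Constructed sample: two tarball stand-ins in a temp directory, plus a spec."""
    with tempfile.TemporaryDirectory() as d:
        good = b"constructed upstream release\n"
        Path(d, "foo-1.0.tar.gz").write_bytes(good)
        Path(d, "foo-docs-1.0.tar.gz").write_bytes(b"changed after the hash was recorded\n")
        spec = "\n".join([
            "Name: foo",
            "Source0: http://upstream.example/foo-1.0.tar.gz",
            "Source0Hash: sha256:" + hashlib.sha256(good).hexdigest(),
            "Source1: foo-docs-1.0.tar.gz",
            "Source1Hash: sha512:" + hashlib.sha512(b"docs as published\n").hexdigest(),
            "Source2: foo.patch",
        ])
        return verify_spec_sources(spec, d)
```

The check only shows that the packaged tarball is the one the spec's hash names; comparing that hash with the value on the project download page remains the reviewer's step.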