Mailinglist Archive: opensuse-factory (471 mails)
Re: [opensuse-factory] Security Implications of opening Factory
- From: Michal Vyskocil <mvyskocil@xxxxxxx>
- Date: Thu, 11 Jun 2009 08:55:28 +0200
- Message-id: <200906110855.28814.mvyskocil@xxxxxxx>
On Wednesday 10 of June 2009 20:22:19 Karsten König wrote:
> - Review tarballs for malicious code. Very hard.
> The tarball to be used often has an md5 sum or other hash on the project
> download page, why not introduce a hash field for every source in the spec
> that needs to match the hashsum of the tarball, so a reviewer only needs to
> verify the hashsums in the .spec files match the ones from the project download
> page, then the ball about malicious code is upstream =)
There's a planned feature of BuildService - it will be able to download source
code directly from upstream.
Regards
Michal Vyskocil
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
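The hash-field check proposed in the quoted message, as an added example that is not part of the original thread or of the Build Service. The `SourceHashN` tag is a hypothetical syntax, the file names and contents are constructed, and rejecting md5 in favour of sha256/sha512 is this example's assumption.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Hypothetical syntax: "SourceHashN: <algo>:<hex>" pairs with "SourceN: <file>".
# RPM spec files have no such tag; it stands in for the proposed hash field.
SOURCE_RE = re.compile(r"^Source(\d*):[ \t]*(\S+)", re.M)
HASH_RE = re.compile(r"^SourceHash(\d*):[ \t]*(\w+):([0-9a-fA-F]+)", re.M)
ALLOWED = {"sha256", "sha512"}  # assumption: md5 is rejected as collision-prone

def verify_sources(spec_text, source_dir):
    """Return {filename: status} for every Source line in the spec."""
    hashes = {m.group(1) or "0": (m.group(2).lower(), m.group(3).lower())
              for m in HASH_RE.finditer(spec_text)}
    results = {}
    for m in SOURCE_RE.finditer(spec_text):
        index = m.group(1) or "0"
        name = m.group(2).rsplit("/", 1)[-1]  # Source may be a full URL
        path = Path(source_dir) / name
        if index not in hashes:
            results[name] = "no-hash"  # fail closed: source is not pinned
        elif hashes[index][0] not in ALLOWED:
            results[name] = "weak-algorithm"
        elif not path.is_file():
            results[name] = "missing-file"
        else:
            algo, expected = hashes[index]
            digest = hashlib.new(algo, path.read_bytes()).hexdigest()
            match = hmac.compare_digest(digest, expected)
            results[name] = "ok" if match else "mismatch"
    return results

def demo():
    """Constructed sample: one matching, one altered, one unpinned source."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "foo-1.0.tar.gz").write_bytes(b"upstream release")
        Path(d, "bar-2.0.tar.gz").write_bytes(b"altered contents")
        good = hashlib.sha256(b"upstream release").hexdigest()
        other = hashlib.sha256(b"original contents").hexdigest()
        spec = (f"Source0: http://example.org/foo-1.0.tar.gz\n"
                f"SourceHash0: sha256:{good}\n"
                f"Source1: bar-2.0.tar.gz\n"
                f"SourceHash1: sha256:{other}\n"
                f"Source2: baz-3.0.tar.gz\n")
        return verify_sources(spec, d)

if __name__ == "__main__":
    print(demo())
```

The reviewer still has to compare each pinned value against the one published upstream; the script only confirms that the tarball in the package matches what the spec declares.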