On Wed, May 14, 2014 at 6:56 PM, Bernhard Voelker
On 05/14/2014 11:18 PM, Roman Neuhauser wrote:
limiting the privileged commandline to an invocation of a third-party
program does little to improve security.
And of course, such a whitelist must include the package name,
i.e., another package could not use the same string to circumvent
the restriction (unless it has registered the same string for
And I'd include sha-something of the source tarball. Just an idea.
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org