Mailinglist Archive: opensuse-buildservice (349 mails)

< Previous Next >
Re: [opensuse-buildservice] Re: How secure is openSUSE build service?
  • From: "Rajko M." <rmatov101@xxxxxxxxxxx>
  • Date: Sun, 4 Nov 2007 09:35:08 -0500
  • Message-id: <200711040835.08372.rmatov101@xxxxxxxxxxx>
On Sunday 04 November 2007 04:37:10 am Adrian Schröter wrote:
On Saturday 03 November 2007 01:40:54 wrote Rajko M.:
On Friday 02 November 2007 12:32:03 pm Aniruddha wrote:
I think we should first focus on making the home:* repositories
more secure. What would best way to push this forward?

Initial phase:
Scanning binaries for known problems using some antivirus/rootkit
software, before actually publishing, even in home:* repositories.

I personally do not like this idea much, because it can cause the risk that
people believe that software is "good" if the scanner does not find
anything inside.

However, any scanner what helps manually reviewing is of course very
helpfull.

The scanner solution will remove some number of possible attacks.
Though, they will not help for mentioned in this mail:
http://lists.opensuse.org/opensuse/2007-11/msg00422.html
This is out of scope of scanners, but number of people able to create it is
smaller than for known attacks.

--
Regards,
Rajko.
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups