Mailinglist Archive: opensuse-buildservice (273 mails)

< Previous Next >
Re: [opensuse-buildservice] osc and security
  • From: Archie Cobbs <archie@xxxxxxxxxxxx>
  • Date: Mon, 26 Jan 2009 12:01:54 -0600
  • Message-id: <3bc8237c0901261001q36312829w956c4bd94f63fbcd@xxxxxxxxxxxxxx>
This is yet another argument for using Subversion for the version
control part of osc, instead of it's own homebrew (non-)equivalent.

I don't think it will ever happen because it's too much work though.

-Archie

On Mon, Jan 26, 2009 at 11:47 AM, Joop Boonen <joop_boonen@xxxxxx> wrote:
I've checked out ~/.oscrc I saw that my password can be found in plain text.

As someone who would be able to read this file would be able to change
packages that I have created. I'm rather worried about it. The package
could easily be piggy backed with mall ware.

I'm wondering wouldn't it be possible to put an encrypted password? Or
even better to work with ssh keys?

An other option would be that the password wouldn't be saved.


--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx





--
Archie L. Cobbs
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References