10 Jun 2009 18:22
- Review tarballs for malicious code. Very hard.
The tarball to be used often has an md5 sum or other hash on the project download page. Why not introduce a hash field for every source in the spec that needs to match the hash sum of the tarball, so a reviewer only needs to verify that the hash sums in the .spec files match the ones from the project download page? Then the ball about malicious code is upstream =)

Karsten
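A sketch of the mechanical half of the check proposed above, added here as an example and not part of the original message or of any openSUSE tooling: it confirms that each tarball shipped with a package matches the hash recorded in the spec, leaving the reviewer to compare the spec value with the upstream download page. The `SourceN-<algo>:` field syntax is hypothetical, the sample spec and files are constructed, and RPM macros in source names are not expanded.

```python
import hashlib
import os
import re
import tempfile

# Hypothetical syntax: "Source0-sha256: <hex>" alongside "Source0: <url or file>".
SRC = re.compile(r"^(Source\d*):[ \t]*(\S+)", re.M)
HASH = re.compile(r"^(Source\d*)-(md5|sha1|sha256):[ \t]*([0-9a-fA-F]+)", re.M)

def check_spec(spec_text, source_dir):
    """Map each Source tag to ok / mismatch / no-hash / missing-file."""
    hashes = {m[1]: (m[2], m[3].lower()) for m in HASH.finditer(spec_text)}
    result = {}
    for tag, location in SRC.findall(spec_text):
        path = os.path.join(source_dir, os.path.basename(location))
        if tag not in hashes:
            result[tag] = "no-hash"        # a source with no pinned hash
        elif not os.path.isfile(path):
            result[tag] = "missing-file"
        else:
            algo, want = hashes[tag]
            digest = hashlib.new(algo)
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            result[tag] = "ok" if digest.hexdigest() == want else "mismatch"
    return result

def demo():
    """Constructed package: one intact tarball, one altered patch, one unpinned file."""
    with tempfile.TemporaryDirectory() as d:
        files = {"foo-1.0.tar.gz": b"constructed tarball", "foo.patch": b"tampered"}
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        good = hashlib.sha256(b"constructed tarball").hexdigest()
        stale = hashlib.sha256(b"original patch").hexdigest()
        spec = (
            "Name: foo\n"
            "Source0: http://example.org/foo-1.0.tar.gz\n"
            f"Source0-sha256: {good}\n"
            "Source1: foo.patch\n"
            f"Source1-sha256: {stale}\n"
            "Source2: extra.txt\n"
        )
        return check_spec(spec, d)

if __name__ == "__main__":
    print(demo())
```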