[maemo-community] Bug in repositories/builder?

From: Javier S. Pedro maemo at javispedro.com
Date: Sun Apr 29 15:29:14 EEST 2012
On Sat, 28 Apr 2012 21:49:34 +0200, Piotr Jawidzyk wrote:

> http://talk.maemo.org/showthread.php?t=83948
> 
> This is another topic that covers - more specifically - recently
> discovered (by mistake) security hole.

Not exactly a security hole, because there is no security at all on 
extras-devel.

Out of curiosity: why are you thinking that this is critical for the CSSU? 
Are you building packages there or similar?

One can add small trivial checks (like the one that is not in place for -
devel but it is in place -testing for conflicting packages). Yet this 
would block accidental mistakes, but not block anyone trying to do 
something with malicious purposes, which is outright impossible. Think 
about the bazillion degrees of freedom a packager has. Provides, etc.


In OBS, you can manually (for a given project) select which other 
projects you want to fetch build-dependencies from.

Javier.

More information about the maemo-community mailing list