[packman] Packman security policy questions

Manfred Tremmel manfred at links2linux.de
Sat Nov 3 21:48:58 CET 2007


On Saturday, 3 November 2007, Andreas Schneider wrote:
> Aniruddha wrote:
> > Actually this is even easier than it sounds (and I am not a
> > programmer). It only requires documenting some simple rules for
> > package handling (e.g. that packagers should check for malware, and
> > monitor some standard security bulletins).
>
> It is easy? Ok.
>
> How should we check a new version of an application/program for
> malware?

At the moment we have only 3.8 GByte in our 10.3 SRPM directory, so
it shouldn't be a problem to check the sources line by line.
The next packages will be available in the year 2350 ;-)
It's all a question of (wo)manpower and the number of packages. We
have more than a thousand packages and only a few spare-time packagers. We
can trust the programmers and go on like now, or review every tarball
and reduce the number of packages to three or four for every packager.

-- 
Take care    | http://www.iivs.de/schwinde/buerger/tremmel/

Manfred      | http://packman.links2linux.de/