[packman] Packman security policy questions

Manfred Tremmel manfred at links2linux.de
Sat Nov 3 21:48:58 CET 2007

On Saturday, 3 November 2007, Andreas Schneider wrote:
> Aniruddha wrote:
> > Actually this is even easier than it sounds (and I am not a
> > programmer). It only requires documenting some simple rules for
> > package handling (e.g. that packagers should check for malware, and
> > the monitoring of some standard security bulletins).
> It is easy? Ok.
> How should we check a new version of an application/program for
> malware?

At the moment we have only 3.8 GByte in our 10.3 SRPM directory, so
it shouldn't be a problem to check the sources line by line.
The next packages will be available in the year 2350 ;-)
It's all a question of (wo)manpower and the number of packages. We
have more than a thousand packages and only a few spare-time packagers. We
can trust the programmers and go on like now, or review every tarball
and reduce the number of packages to three or four for every packager.

Take care    | http://www.iivs.de/schwinde/buerger/tremmel/

Manfred      | http://packman.links2linux.de/