wounded in the line of duty
Can you explain more about your checking for forgery / malicious content (privately via email is fine)? I understand you have a checker bot that looks to see if the repomd.xml file is up to date. Can you talk more about other security checks you have that we may have overlooked?
I want to make sure that we don't provide any incorrect information about CentOS' security mechanisms. :)
I definitely appreciate the comments and suggestions on our research. Our goal isn't to point fingers at distributions. We're trying to provide accurate information about the real risks involved. We thank you for helping to point out any items we missed in our broad examination of package manager and distribution security.
More information about formatting options
© 2007-2014 Dag Wieërs | Powered by Drupal and RHEL. | No legal statement, haha.