On Tue, 2013-06-18 at 13:36 +0200, Miroslav Suchy wrote:
On 06/18/2013 11:21 AM, Pierre-Yves Chibon wrote:
> Well, the "No one should be affected" is not entirely true. I'm
> packaging <super cool game>, use copr to build it, advertise it. My
> account is compromised, I don't realize it. Attacker uses the token to
> build <super cool game + my own little backdoor>, all the users of the
> repo get the update and "my own little backdoor" with it:)
>
> You're gonna say it isn't much different from the current situation w/
> the koji certificate.
OK.
So lets say 6 months? It can be changed anytime in future. OK?
Ok for me and indeed, we can always re-visit it later.
Pierre