Adam Williamson wrote:
I would argue there's a danger of getting too tied up in very
specific
technical details of this attack.
But the fact is:
What WOULD have stopped this attack: (one or more of:)
* Deleting ALL unit tests in %prep (and then of course not trying to run
them later).
* Deleting ALL files automatically generated or imported by autotools in
%prep, THEN running "autoreconf -i -f". (DO NOT trust autoreconf, it would
NOT have done the right thing here. Delete the files, THEN run autoreconf.)
* NOT patching OpenSSH downstream to link it against libsystemd against
upstream's recommendation.
What WOULD have greatly reduced the impact of this attack:
* NOT enabling updates-testing by default for Branched releases.
What WOULD NOT have stopped this attack: (any or all of:)
* 2FA. GitHub already enforces 2FA. It did NOT stop this attack.
* Any stricter vetting of Fedora contributions. The attack was performed
upstream, NOT in Fedora.
* More distrust of new Fedora contributors. The offending upgrade was
imported by a TRUSTED Fedora contributor. The untrusted new person operated
upstream, NOT in Fedora.
Kevin Kofler