[Ksummit-discuss] [CORE TOPIC] dev/maintainer workflow security

Jiri Kosina jkosina at suse.com
Mon Jul 13 19:37:49 UTC 2015


On Mon, 13 Jul 2015, Konstantin Ryabitsev wrote:

> Getting private ssh keys is a lot easier than getting full access to a
> developer's workstation:

Well ... even the recent example on this very list (a bug in a script for
applying patches being used by prominent maintainers) could be used by an
attacker to open a remote shell with repository access credentials on the
local system of the maintainer. So I would be rather careful with stating
that all this is just a theoretical exercise.

Thanks,

-- 
Jiri Kosina
SUSE Labs

