[Ksummit-discuss] [CORE TOPIC] dev/maintainer workflow security
Jiri Kosina
jkosina at suse.com
Mon Jul 13 19:37:49 UTC 2015
On Mon, 13 Jul 2015, Konstantin Ryabitsev wrote:
> Getting private ssh keys is a lot easier than getting full access to a
> developer's workstation:
Well ... even the recent example on this very list (a bug in a script for
applying patches being used by prominent maintainers) could be used by an
attacker to open a remote shell with repository access credentials on the
local system of the maintainer. So I would be rather careful with stating
that all this is just a theoretical exercise.
Thanks,
--
Jiri Kosina
SUSE Labs