On Saturday 20 June 2009 21:00:46 Ciaran McCreesh wrote:
> On Sat, 20 Jun 2009 20:40:17 +0200
>
> Patrick Lauer <patrick@g.o> wrote:
> > > Have you thought about the security implications of this?
> >
> > Yes.
> >
> > > How much do you trust the people running the overlays listed in
> > > layman?
> >
> > VirtualBox.
>
> And how do you use VirtualBox to prevent one malicious person from
> running arbitrary code on the system of anyone using any layman overlay?
|
Ah. I thought you were referring to the issues involved in sourcing ebuilds.
|
But as you shift the discussion now ... well ... right now we allow almost
everyone to add an overlay to the layman config. So we trust overlay
maintainers not to screw users.
|
The metadata cache is "inert" in the sense that it isn't executable code (and
if anyone tries to execute it ... "You're doing it wrong" comes to mind), so
adding it does not pessimize the situation.
|
So how do we guarantee that overlay maintainers (many of whom aren't even devs and
thus might not be subjectively held to the same standards) don't screw users?
|
Hmm. I can't think of any sane way to prevent people from writing bad ebuilds.
And I also can't think of a reliable method to detect such or prevent users
from trying to use them. In short, we just have to trust people.
As a sidenote, we just randomly trust devs too. And it usually works ...