> How do i handle a situation where someone, without my knowledge uploads > new sources to one of my projects. It could be a security problem ?
Sorry Tim and sorry everyone for this false alarm. I was playing with fedpkg and I realized I could upload new sources; I thought I could provide a complete patch (spec+sources) for a couple of bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1282825 https://bugzilla.redhat.com/show_bug.cgi?id=1294377 I didn't realize it could be a security problem at first. As you can see, checksums match: my intention was to help maintainers and understand better how to use fedpkg (that's why some days ago I asked on IRC some questions about fedpkg and scratch builds). I apologize for the inconvenience. -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
