[EMAIL PROTECTED] wrote:
After looking closely at the mock-helper source, I have identified several problematic areas, listed below. I do not believe, given the current state of mock-helper, that we should endorse the idea of allowing untrusted users access to the 'mock' group. We should very prominently label mock as giving, essentially, root access to each user you allow to run it. I believe the wiki, the help text of "mock -h", the mock README, and the mock man page should all be updated with this information.
I think this makes sense to do as the short-term "so we can get mock 0.6 out" as there are a lot of cool and important stuff that people are clamoring for.
Then, post 0.6, focusing a bit on fixing the areas of security concern would seem to make sense.
Jeremy -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
