On Mon, 2024-04-01 at 10:56 +0000, Zbigniew Jędrzejewski-Szmek wrote:
> On Sun, Mar 31, 2024 at 07:54:08PM +0200, Kevin Kofler via devel
> wrote:
> > Adam Williamson wrote:
> > > Maybe this needs to go on the growing pile of reasons why the
> > > traditional Linux model *does* need to go away. Maybe Fedora, with its
> > > foundation of First, should be kind of at the forefront of making that
> > > happen.
> >
> > Switching to a container-based model is just going to introduce more
> > different library versions (in the worst case, one per container) with a
> > higher probability that one of them is compromised.
>
> Our traditional distro model is not perfect — far from it — and we
> certainly try to improve it. But I agree with Kevin that in _this
> particular case_, the other models have smaller chances of catching
> the issue.
>
> Here the upstream was compromised, so 2FA, upstream signatures, and any
> other checks don't help at all.

Yes, to be clear, my "this" was not "the specific technical details of
this attack". It was more:
i) the factors I listed in my email about just how many people are
trusted to build 'Fedora', when 'Fedora' is essentially a collection of
arbitrary scripts executed as root
ii) the fact that this attack reinforces the painful truth that
sophisticated attackers *are* extremely interested in attacking the
supply chain of which we form a significant component
--
Adam Williamson (he/him/his)
Fedora QA
Fedora Chat: @adamwill:fedora.im | Mastodon: @adamw(a)fosstodon.org
https://www.happyassassin.net