This approach
> let's delete autoconf-generated cruft from upstream projects and regenerate
> it in %prep
to me sounds woefully inappropriate for the task at hand. You remove a single
attack vector while completely overlooking that many of your maintainers don't
have the qualifications to vet
I'm not sure my proposal has been understood at all.
This website/authority is a sort of advisory board where each member's
participation is 100% voluntary and distros are free to **ignore** it
altogether.
What this website will contain is just a nice list of vetted open source
packages, versi
Hi,
It was sheer luck that the exploit was discovered and major distros haven't yet
included it in their stable releases. It's quite possible and plausible it
could have reached RHEL, Debian, Ubuntu, SLES and other distros and it's almost
reached Fedora 40.
I don't know how to talk to RedHat/I