Note: This article is part of a series on the security of the infrastructure of Linux distributions—don’t forget to read our introduction if you haven’t done it already! This is a guest blogpost by friend of Fenrisk, Thomas Chauchefoin. Why Pagure? As discussed in the meta-article, we picked Pagure from the Fedora Apps Directory and already had a technical approach in mind. A software forge is likely to be a good target for an argument injection: we can expect the backend to shell out even when ...