[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Bug 226377] Merge Review: rpm



On Fri, 2007-08-24 at 13:52 -0400, Jesse Keating wrote:
> On Fri, 24 Aug 2007 19:46:48 +0200
> Axel Thimm <Axel Thimm ATrpms net> wrote:
> 
> > That sounds more like using the tarball though. If a software's use is
> > only restricted to looking onto it in a chroot or perform limited
> > operation with is as to not shoot away the rest of the system it
> > should not be a yum install bomb away from your fingertipps (well, not
> > your, but the users')
> 
> Again, if it is made to live completely outside the range of the system
> yum and not to interact at all with any thing that uses rpmlib, how can
> it "bomb" your system?  The value would be that it's pre-compiled for
> our distro, it passes our guidelines for packaging quality, and given
> our constraints people can be confident that using rpm5 to play around
> with that fork won't "bomb" their system as it's being forced to be
> sufficiently walled off from the rest of the system.  Just chucking a
> tarball at people or forcing it to live in some other repo is just
> invitation to have it be actively hostile toward your system should you
> install it, or fail to get the compile flags right, or whatever else.

Even with a separate database, it will overwrite the files on the system
when rpm5 does an install/update transaction, and the rpm.org db (the
system database) will not reflect these changes.

BOOM.

~spot


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]