RPM hacking.
Sam Varshavchik
mrsam at courier-mta.com
Thu Mar 18 02:22:06 UTC 2004
Ian Pilcher writes:
> Aleksey Nogin wrote:
>> I agree. As long as the short-circuited binary RPM has the correct
>> "Source RPM" field value (e.g. something like "short-circuited") this
>> should not create any problems even if the short-circuited RPM is
>> accidentally (or maliciously) distributed.
>
> Could such binary RPMS be made unsignable perhaps?
We are not talking about a closed source product.
The source code for RPM is widely available.
Go ahead, arrange to have these short-circuited binary RPMs unsigned, or
flagged, or whatever.
It won't matter a hill of beans.
Someone will just make a custom build of rpm that generates binary rpms that
will pass all apparent tests, even though they were hacked.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20040317/d6e24300/attachment.sig>
More information about the fedora-devel-list
mailing list