"Stanisław T. Findeisen" wrote:
> What does the process of installing a new RPM package look like? There
> are some commands that such a package is allowed to execute, right?

By policy, there are things that rpm scriptlets should not do. But if
you created an rpm which had a %post section containing rm -rf /, rpm
would run it AFAIK.

> Also what's the difference between "Everything" and "Fedora" dirs in
> Fedora package tree?

The Fedora dir contains just what is included on the DVD media. The
Everything dir contains all of the packages available. Everything is
a superset of Fedora.

> I wonder how easy it is to create a rootkit/trojan horse/whatever
> and get it loaded on Fedora users' computers.

You would need to create a trojan package and get it onto the mirrors,
signed by the Fedora package signing key for a particular release.
This is not an easy task, as the keys are held pretty tightly, with
very limited access (if a handful of people can sign packages, I'd be
surprised).

--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
An election is coming. Universal peace is declared and the foxes have
a sincere interest in prolonging the lives of the poultry.
-- T.S. Eliot
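
Added example, not part of the original message and not rpm's or Fedora's own tooling: since rpm runs whatever a package's scriptlets contain, this Python sketch parses the text printed by `rpm -qp --scripts package.rpm` and flags commands worth reading before installing. The header format handled, the sample output and the two heuristic rules are assumptions made for this illustration.

```python
import re

# Headers printed by `rpm -qp --scripts`: "<phase> scriptlet (using <interp>):" or "<phase> program: <path>"
HEADER = re.compile(r"^(\w+) (?:scriptlet \(using ([^)]+)\):|program: (\S+))\s*$")

def parse_scriptlets(text):
    """Split `rpm -qp --scripts` output into {phase: {"interp", "body"}}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = {"interp": m.group(2) or m.group(3), "body": []}
        elif current is not None:
            sections[current]["body"].append(line)
    return sections

def risky_commands(body):
    """Heuristic rules (assumptions for this example, not a complete policy)."""
    hits = []
    for lineno, line in enumerate(body, 1):
        code = line.split("#", 1)[0]          # drop shell comments (naive)
        for cmd in re.split(r"[;&|]+", code):  # one simple command at a time
            words = cmd.split()
            if "rm" in words:
                args = words[words.index("rm") + 1:]
                recursive = any(re.fullmatch(r"-\w*[rR]\w*|--recursive", a) for a in args)
                if recursive and any(a in ("/", "/*") for a in args):
                    hits.append((lineno, "recursive rm of /", line.strip()))
            if words and words[0] in ("curl", "wget"):
                hits.append((lineno, "network fetch at install time", line.strip()))
    return hits

def audit(text):
    """Return {phase: [(line number, rule, source line), ...]} for every scriptlet."""
    return {phase: risky_commands(s["body"]) for phase, s in parse_scriptlets(text).items()}

# Constructed sample output for a hypothetical package, not taken from a real RPM.
SAMPLE = """\
preinstall scriptlet (using /bin/sh):
getent group demo >/dev/null || groupadd -r demo
postinstall scriptlet (using /bin/sh):
/sbin/ldconfig
if [ "$1" -eq 1 ]; then rm -rf /; fi
postuninstall program: /sbin/ldconfig
"""

if __name__ == "__main__":
    for phase, hits in audit(SAMPLE).items():
        print(phase, hits or "ok")
```

Signature checking is a separate step (`rpm -K package.rpm`); a valid signature says who signed the package, not what its scriptlets do.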