%ghost .pyo

[Jeff Pitman]

On Wednesday 22 December 2004 00:38, Tim Waugh wrote:
> > anyone ran into this issue and/or can comment on it?  Should we
> > just package .pyo anyway?  (This also applies to upcoming Fedora
> > Extras packages, too.)
>
> We have been promised a redhat-rpm-config that turns on the Python
> pre-compiling, which will fix all this. (But it hasn't shown up yet
> that I've seen..)

They're making progress, from what I've seen..

Anyhowl, we can pre-compile ourselves in an individual spec, but that 
doesn't fix the issue with %ghost.  To my knowledge and what google has 
on record is that %ghost was used to "save space" since pyo didn't 
really "save time".  However, python executed with -O as root actually 
introduces .pyo files in /usr/lib/python2.3/site-packages anyway which 
could have implications for read-only /usr (which I think python just 
ignores anyway), but more importantly for setups with tripwire 
triggers. Not being personally familiar with this type of security 
issue, I'm wondering out loud if we should even care about %ghost. 

thanks,
-- 
-jeff