Mono Package audit
Ville Skyttä
ville.skytta at iki.fi
Thu Apr 10 19:28:09 UTC 2008
On Thursday 10 April 2008, Colin Walters wrote:
> On Thu, Apr 10, 2008 at 3:06 PM, Ville Skyttä <ville.skytta at iki.fi> wrote:
>
> > Hm, how do you mean rpmlint could check these? Run "rpmbuild -bp" on
> > src.rpm's it's given and check the extracted files from there?
>
> Yeah...it doesn't extract the tree already for other checks?
It extracts rpm contents only with "rpm2cpio | cpio", not tarballs etc within.
Not sure if running "rpmbuild -bp" would be considered a potential security
issue, and I'd rather not even try re-implementing what %setup does to get
around that (at least in upstream rpmlint; in Fedora it could use
rpmdev-extract for that).