how to 'rip apart' a rpm.
Genes MailLists
lists at sapience.com
Sat May 15 16:20:43 UTC 2010
On 05/15/2010 12:14 PM, Gene Heskett wrote:
> They are NOT in /usr/src/redhat nor in /root/rpmbuild.
>>
>> You really shouldn't be playing with source RPMs as root. Look in your
>> user RPM sandbox:
>
>
Whilst I agree we should be as careful w root as possible - if someone
is willing to install a binary rpm as root - how is that more secure
than building the source to the same package?
I know in theory the build could execute scripts etc .. but ..
Do we think redhat/fedora provide src rpm's which have things in them
(ie bad) that are not in the binary ? Or the other way round ? Or both ?
Or are the concerns for non-fedora packages?
More information about the users
mailing list