Mailinglist Archive: opensuse (4570 mails)
| < Previous | Next > |
Re: [opensuse] Re: warnings
- From: mop48836 <mop48836@xxxxxxxxxxxxxxx>
- Date: Mon, 07 Nov 2005 15:09:07 +0000
- Message-id: <436F6E13.5070800@xxxxxxxxxxxxxxx>
Patrick Shanahan wrote:
* mop48836 <mop48836@xxxxxxxxxxxxxxx> [11-07-05 09:15]:
So, suppose that someone builds rpms with those directives (%deffatr, ...) with "common" user names, like "mike", "dave", etc.
(not like "kosta", rather unusual..) with the purpose to compromise, "statistically", those machines?
Would that be possible?
If yes, wouldn't it be a severe security flaw?? i can't believe that!!
Which is why the _most_ rpm's are signed and their keys provided.
Please trim your quotes and refrain from top-posting. tks
http://www.netmeister.org/news/learn2quote.html
Hi Patrick,
sorry for the top-posting, as this has been a long enough discussion. Reading from left to right, and top to bottom.
Just wrote that post a little too fast, as i felt we could be concerned in something wild. I apologize.
Thanks to remind the useful link, too.
About the subject: so, when rpms are signed and key provided, we can assure they are OK, that's it?
Thus, a good user pratice would to never install rpms that do not fullfil those conditions; is this correct?
Thanks,
Patrick M
| < Previous | Next > |