Am 05.11.2015 um 23:30 schrieb Christian Boltz:
It's not declared by rpm -qpl - but you can easily use rpm -qp --scripts untrusted-package.rpm
have you ever done this with commercial, third-party packages? Example: citrix-receiver. An estimated jigawatt of %post/%pre scripts. Totally unreadable. No fscking way I'm going to install this piece of crap on any of my machines. I instead used the tarballs and installed them in a separate user's home...
[1] lots of packages have scripts in %post etc. - being it ldconfig calls (done in all lib* packages), updating the bootloader, changing an alternatives symlink, updating font or icon cache, ...
Well, one could whitelist packages from known good vendors, e.g. those signed with a particular GPG key. But still complain about packages unsigned or signed with an Adobe, Citrix or Google key. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org