On 2015-11-05 23:30, Christian Boltz wrote:
Hello,
Am Donnerstag, 5. November 2015 schrieb Carlos E. R.:
On the other hand what should the user do when he gets informed that "update of <package> replaced /usr/bin/ls"?
Huh. Freak out? :-))
And that repairs your system? Does it also work for hacked Joomla or Wordpress sites? If yes, can you teach me how to correctly freak out, please? ;-)
Of course. You have to scream wildly. Then you may get a contract for Scary Movie 42 ;-)
Of course, even better would be to halt mid-install on every outside change, and ask whether to allow or not. But that would extensive new coding, I guess.
The problem is that it will end up in *lots of* questions [1] - and that means that the user will just put a stone on the enter key and miss the one malicious thing in the middle of 100 other events.
Well, as I said, I'm considering it as tool for investigation, not for end users. Do you remember "checkinstall"? Somehow, it detected what "make install" created. How did it do it? :-? Something wrapping "rpm" so that it could list every file it writes or modifies. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)