-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anders Johansson wrote:
On Wednesday 20 September 2006 23:21, Andreas Hanke wrote:
Craig Millar wrote:
Guess that channel is off limits until someone either modifies the repodata or smart is fixed. :(

smart doesn't need to be fixed because it's not smart's fault.
A program should never ever crash on bad input. Any program that does has a bug and needs to be fixed.
Of course it won't help you download packages, but it will provide nicer (comprehensible) error messages, and avoid possible exploits (just about all of them rely on programs crashing on bad input).
Erm, sure, but if you fear the repository metadata to be abused to do
something malicious on your box, that's the least of your problems.
I could just make a new amarok, apache or whatever release in my repo
and put a "rm -rf /" in %pre or %post
cheers
- --
-o) Pascal Bleser http://linux01.gwdg.de/~pbleser/
/\\