Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: [suse-security] autorpm and latest secure files
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Thu, 10 Aug 2000 03:47:48 +0200 (MEST)
  • Message-id: <Pine.LNX.4.21.0008100345290.1283-100000@xxxxxxxxxxxx>
> > I used autorpm to update all flies it could come up with for my 6.2
> > installation.
>
> As pointed out this thread is off-topic, but there is one security-related
> aspect to it. For the autorpm-user to think about:
>
> How do you ensure what you update on your system is genuine, and not
> trojaned? Whether the update actually works is of secondary importance.
>
> Volker

The integrity problem that you mention is definitely not off-topic.
:-)

autorpm may be a bad idea unless the rpm packages are signed. This is
planned for the near future in the SuSE distribution.

Thanks,
Roman.
--
- -
| Roman Drahtm├╝ller <draht@xxxxxxx> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| N├╝rnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -


< Previous Next >
References