Mailinglist Archive: opensuse (4570 mails)

< Previous Next >
Re: [opensuse] Re: warnings
  • From: mop48836 <mop48836@xxxxxxxxxxxxxxx>
  • Date: Mon, 07 Nov 2005 15:09:07 +0000
  • Message-id: <436F6E13.5070800@xxxxxxxxxxxxxxx>

Patrick Shanahan wrote:

* mop48836 <mop48836@xxxxxxxxxxxxxxx> [11-07-05 09:15]:

So, suppose that someone builds rpms with those directives (%deffatr, ...) with "common" user names, like "mike", "dave", etc.
(not like "kosta", rather unusual..) with the purpose to compromise, "statistically", those machines?

Would that be possible?

If yes, wouldn't it be a severe security flaw?? i can't believe that!!

Which is why the _most_ rpm's are signed and their keys provided.

Please trim your quotes and refrain from top-posting. tks

Hi Patrick,

sorry for the top-posting, as this has been a long enough discussion. Reading from left to right, and top to bottom.

Just wrote that post a little too fast, as i felt we could be concerned in something wild. I apologize.

Thanks to remind the useful link, too.

About the subject: so, when rpms are signed and key provided, we can assure they are OK, that's it?

Thus, a good user pratice would to never install rpms that do not fullfil those conditions; is this correct?


Patrick M
< Previous Next >
Follow Ups