[Rpm-maint] Feature request: Improved speed for 'rpm -qa'

James Olin Oden james.oden at gmail.com
Tue Dec 19 18:39:49 UTC 2006


> Even on my 300 MHz system, it only takes about 0.02 seconds. Is there
> any chance that regular rpm could be made this fast, or is this too
> much of a hack to include there? I don't think that bundling a special
> command for querying the rpm database together with a general purpose
> OS agnostic commandline shell is the proper way to do this...
> By the way, why is this a hack? Is the index not updated when an entry
> is removed or something? If not, indexes are there to be used!

I think the main thing you have to ask is why did some customers want
every header whether it be in a package or database to always have its
signature verified?  Did they see something we do not?

I always thought that it was enough to check the header at install
time when it was being inserted into the DB, but now I can see why one
might want to do this check even on queries, as a query is often used
as input into some larger process.  The person running the "process"
may have all authority to do what they are going to do based on the
inputs from the rpm DB, and have no malicious intent, but rogue data
may make them do something they would not have otherwise done.

Security is always a trade off with something else, though.  I'm just
trying to make sure everyone is considering that the way rpm works now
was driven by someones customers somewhere.


More information about the Rpm-maint mailing list