[Rpm-maint] Feature request: Improved speed for 'rpm -qa'

James Olin Oden james.oden at gmail.com
Wed Dec 20 16:45:36 UTC 2006


On 12/20/06, Bill Nottingham <notting at redhat.com> wrote:
> James Olin Oden (james.oden at gmail.com) said:
> > You can controll access with SE Linux all you want but there is no way
> > for me to tell that someone installed a rogue package without checking
> > digests at some point (maybe they were in a hurry) and that now I'm
> > looking at infomation from that rogue packets header without checking
> > digests on query.
>
> You also don't know if they wrote over the binaries on the filesystem,
> etc. I'm just of the opinion that the database is the wrong place
> to be enforcing these checks, but, to each their own.
>
Oh yeah, the other thing is that security is best in layers, each
layer hopefully complimenting the other in some well thought out way.
But as you say to each their own, as this must be balanced with the
cost of what one is protecting, versus ease of use requirements.

Cheers...james



More information about the Rpm-maint mailing list