[Rpm-maint] [rpm-software-management/rpm] RFE: ensure unwritable buildroot during %check (Issue #3010)
norbert manthey
notifications at github.com
Thu Apr 18 13:51:14 UTC 2024
I understand the difference between %build and %check, as well as the problem of this could be worked around by future actors. I would still like to understand the potential as a building blocks for hardening.
Do you see a path for a hashing-like validation in the %check phase that could be enabled by an additional run time parameter of the tool? This way, feature is available to potential users, but not enabled by default?
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3010#issuecomment-2063917625
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/3010/2063917625 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20240418/676e38f4/attachment.html>
More information about the Rpm-maint
mailing list