[Rpm-maint] [rpm-software-management/rpm] RFE: ensure unwritable buildroot during %check (Issue #3010)

norbert manthey notifications at github.com
Thu Apr 18 13:51:14 UTC 2024


I understand the difference between %build and %check, as well as the problem of this could be worked around by future actors. I would still like to understand the potential as a building blocks for hardening.

Do you see a path for a hashing-like validation in the %check phase that could be enabled by an additional run time parameter of the tool? This way, feature is available to potential users, but not enabled by default?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3010#issuecomment-2063917625
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/3010/2063917625 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20240418/676e38f4/attachment.html>


More information about the Rpm-maint mailing list