[Rpm-maint] [rpm-software-management/rpm] Check packages for consistency when opening them (Issue #2937)

Florian Festi notifications at github.com
Wed Feb 28 08:41:01 UTC 2024


There are several assumptions about what a proper package looks like, and those are checked in rpmbuild, but rpm itself often does not enforce them on reading. This can create problems when packages are being created with 3rd party tools. This is also a potential security risk (although having manipulated packages pass signature checks is already game over).

Properties that should be checked are:

* Legal characters and name patterns for dependencies, NEVRA, etc.
* Number of tag entries match in related tags (files, dicts, dependencies, ...)
* File flags match the file types
* ...

See #2906 for the initial discussion about flags.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2937

Message ID: <rpm-software-management/rpm/issues/2937 at github.com>
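The three kinds of check proposed above (legal characters in NEVRA and dependency names, matching entry counts across related tags, and file flags agreeing with file types) can be illustrated on a header parsed from bytes. The following is an added example written for this page, not code from rpm; it uses rpm's real header index/data layout and tag numbers, but omits the lead, signature header and immutable region tag, and the concrete character and flag rules it applies (no '-' in Version/Release, no whitespace in dependency names, %config only on regular files) are assumptions chosen to illustrate the checks rather than rpm's authoritative rules. The sample headers are constructed in the block itself.

```python
import struct

HEADER_MAGIC = b"\x8e\xad\xe8\x01"
# Tag numbers and data types as defined in rpm's rpmtag.h / rpmtypes.h.
TAG_NAME, TAG_VERSION, TAG_RELEASE, TAG_FILEMODES, TAG_FILEFLAGS = 1000, 1001, 1002, 1030, 1037
TAG_REQUIREFLAGS, TAG_REQUIRENAME, TAG_REQUIREVERSION = 1048, 1049, 1050
TAG_DIRINDEXES, TAG_BASENAMES, TAG_DIRNAMES = 1116, 1117, 1118
TYPE_INT16, TYPE_INT32, TYPE_STRING, TYPE_STRING_ARRAY = 3, 4, 6, 8
RPMFILE_CONFIG, S_IFMT, S_IFREG = 1 << 0, 0o170000, 0o100000   # %config; st_mode masks
INT_WIDTH = {TYPE_INT16: (2, ">H"), TYPE_INT32: (4, ">I")}

def build_header(entries):
    """Test-data helper: serialize {tag: (type, values)} as magic, reserved,
    index count, data size, index entries, data (simplified: no region tag)."""
    index, data = b"", b""
    for tag, (typ, values) in sorted(entries.items()):
        if typ in INT_WIDTH:
            width, fmt = INT_WIDTH[typ]
            data += b"\0" * (-len(data) % width)              # natural alignment
            offset = len(data)
            data += b"".join(struct.pack(fmt, v) for v in values)
        else:                                                 # NUL-terminated strings
            offset = len(data)
            data += b"".join(v.encode() + b"\0" for v in values)
        index += struct.pack(">IIII", tag, typ, offset, len(values))
    return HEADER_MAGIC + b"\0" * 4 + struct.pack(">II", len(entries), len(data)) + index + data

def parse_header(buf):
    """Parse header bytes into {tag: (type, [values])}, bounds-checking each entry."""
    if buf[:4] != HEADER_MAGIC:
        raise ValueError("bad header magic")
    nindex, hsize = struct.unpack(">II", buf[8:16])
    data = buf[16 + 16 * nindex:][:hsize]
    if len(buf) < 16 + 16 * nindex or len(data) != hsize:
        raise ValueError("header truncated")
    entries = {}
    for i in range(nindex):
        tag, typ, off, count = struct.unpack_from(">IIII", buf, 16 + 16 * i)
        if typ in INT_WIDTH:
            width, fmt = INT_WIDTH[typ]
            if off + width * count > hsize:
                raise ValueError(f"tag {tag}: data out of range")
            values = [struct.unpack_from(fmt, data, off + k * width)[0] for k in range(count)]
        elif typ in (TYPE_STRING, TYPE_STRING_ARRAY):
            values, pos = [], off
            for _ in range(count):
                end = data.find(b"\0", pos)                   # -1 when unterminated
                if end < 0:
                    raise ValueError(f"tag {tag}: unterminated string")
                values.append(data[pos:end].decode())
                pos = end + 1
        else:
            raise ValueError(f"tag {tag}: unsupported type {typ}")
        entries[tag] = (typ, values)
    return entries

def check_consistency(hdr):
    """Return a list of problems; an empty list means the header is consistent."""
    def vals(tag):
        return hdr[tag][1] if tag in hdr else []
    problems = []
    # 1. NEVRA fields: present, non-empty, no whitespace or '/'; Version/Release
    #    also no '-' (the NEVRA separator). Assumed subset of rpmbuild's rules.
    for tag, label in ((TAG_NAME, "Name"), (TAG_VERSION, "Version"), (TAG_RELEASE, "Release")):
        v, illegal = vals(tag), (" \t\n/" if tag == TAG_NAME else " \t\n/-")
        if len(v) != 1 or not v[0] or set(v[0]) & set(illegal):
            problems.append(f"{label}: missing, empty or contains illegal characters")
    # 2. Dependency names: non-empty, no whitespace (assumed rule).
    for i, name in enumerate(vals(TAG_REQUIRENAME)):
        if not name or any(c.isspace() for c in name):
            problems.append(f"require {i}: illegal dependency name {name!r}")
    # 3. Related tags are parallel arrays: all present with the same entry count,
    #    and every dirindex must point at an existing dirname.
    for group in ((TAG_BASENAMES, TAG_DIRINDEXES, TAG_FILEMODES, TAG_FILEFLAGS),
                  (TAG_REQUIRENAME, TAG_REQUIREVERSION, TAG_REQUIREFLAGS)):
        counts = {t: len(vals(t)) for t in group if t in hdr}
        if counts and len(counts) != len(group):
            problems.append(f"related tags incomplete: {sorted(counts)}")
        elif len(set(counts.values())) > 1:
            problems.append(f"entry count mismatch: {counts}")
    for i, d in enumerate(vals(TAG_DIRINDEXES)):
        if d >= len(vals(TAG_DIRNAMES)):
            problems.append(f"file {i}: dirindex {d} has no matching dirname")
    # 4. File flags versus file type: %config only on regular files (assumed rule).
    for i, (mode, flags) in enumerate(zip(vals(TAG_FILEMODES), vals(TAG_FILEFLAGS))):
        if flags & RPMFILE_CONFIG and mode & S_IFMT != S_IFREG:
            problems.append(f"file {i}: %config on non-regular file (mode {mode:o})")
    return problems

def sample_header(broken=False):
    """Constructed test input; broken=True plants violations for the checks above."""
    return build_header({
        TAG_NAME: (TYPE_STRING, ["demo"]), TAG_RELEASE: (TYPE_STRING, ["1"]),
        TAG_VERSION: (TYPE_STRING, ["1.0-2" if broken else "1.0"]),      # '-' illegal
        TAG_DIRNAMES: (TYPE_STRING_ARRAY, ["/etc/", "/usr/bin/"]),
        TAG_BASENAMES: (TYPE_STRING_ARRAY, ["demo.conf", "demo"]),
        TAG_DIRINDEXES: (TYPE_INT32, [0, 7 if broken else 1]),           # no dirname 7
        TAG_FILEMODES: (TYPE_INT16, [0o040755 if broken else 0o100644, 0o100755]),
        TAG_FILEFLAGS: (TYPE_INT32, [RPMFILE_CONFIG, 0]),                # %config on a dir
        TAG_REQUIRENAME: (TYPE_STRING_ARRAY, ["libc.so.6", "bash"]),
        TAG_REQUIREVERSION: (TYPE_STRING_ARRAY, ["", ""]),
        TAG_REQUIREFLAGS: (TYPE_INT32, [0] if broken else [0, 0]),       # 1 flag, 2 deps
    })
```

Running `check_consistency(parse_header(sample_header()))` returns an empty list, while the broken variant reports four problems: the '-' in Version, the dependency-tag count mismatch, the out-of-range dirindex, and %config on a directory. The parser deliberately rejects out-of-range offsets and unterminated strings before any semantic check runs, since a reader that trusts index entries blindly is the first thing a hand-crafted header would target.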

