On Tue, Oct 20, 2009 at 10:20:17AM +0200, Tomas Mraz wrote: > What would this be good for? Actually for some files it would be a known > bad file hashes because these files (binaries or scripts) would contain > known vulnerabilities and so knowing that you have a file that was once > included in Fedora does not guarantee you almost anything.
Having a hash list of well known files might also help in forensics analysis to find suspicious files. Also with determining the correct RPM NVR one could use the repo metadata to check wether there are known vulnerabilities for certain files or just to detect that the file is not from an uptodate RPM. Regards Till
pgpYK0z2GyCzq.pgp
Description: PGP signature
-- fedora-devel-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-devel-list
