On 13/01/2010 23:40, Shawn Walker wrote:
On 01/13/10 05:35 PM, Chris Gerhard wrote:
Thanks. Are there plans to allow users to use the sha1 check. I can see
all sorts of confusion when audits find files on systems that are
supposed to be identical are different yet the pkg system does not
report it.
That's what pkg verify is for.
I don't understand. I certainly did not trust pkg verify over a cmp of
the files and would not expect anyone too unelss it is documented in
very big letters.
If the system's security had been compromised pkg verify would report no
problem as the hacker would make sure of it.
Yet the binaries are different. How this is not going to lead to
confusion or worse I can't imagine.
This came to light as I was looking into ksh93 dumping core.I can
reproduce it on one system and not the other. Now it could be nothing to
do with the different binaries but if I can see customer calling up in
very agitated states if they see this.
You're free to open an RFE at http://defect.opensolaris.org/ under
development -> pkg -> cli.
I don't see one open already.
http://defect.opensolaris.org/bz/show_bug.cgi?id=13870
--
Sent from my OpenSolaris Laptop
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
