On Thursday 12 June 2008 15:46:24 Tom "spot" Callaway wrote:
> On Thu, 2008-06-12 at 14:48 +0200, Jindrich Novy wrote:
> > Opinions?
>
> One of the reasons why the mktemp option is appealing is because it is
> not predictable, and helps lessen the security risks of knowing where
> the buildroot is going to be and inserting malicious files.

In other words you "assume" that your system is insecure and that's for rpm to worry about? There's actually use in having a predictable buildroot for many as well.

> The only reason we use mktemp in there is because we couldn't make rpm
> code changes to use the native glibc functions. As to rpm
> --short-circuit, well, I honestly think we should think long and hard
> about whether we want to keep it around.

Why? Is the assumption that someone could create a malicious package easier? Wouldn't really prevent anyone from doing such if they really wanted to. Or where lies the concern? It's a quite useful feature; we've even had the -bb stage short-circuitable for years at Mandriva, with only complaints when it was gone for a brief period, and it's even the default in rpm5 now as well. And to make it clear, it's used as a convenience by packagers when working on packages, not when they're built in a different environment by build bots.

Crippling rpm for more perceived security is just silly, it's not the place you should first worry about; following that logic you'd have to cripple about every piece of software on your system due to the same concern.. Better wear your helmet on both the inside and outside of the house, just in case..
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
https://lists.rpm.org/mailman/listinfo/rpm-maint