"Stanisław T. Findeisen" wrote:
> What does the process of installing new RPM package look like? There
> are some commands that such package is allowed to execute, right?
By policy, there are things that rpm scriptlets should not do. But if
you created an rpm which had a %post section containing rm -rf /, rpm
would run it AFAIK.
> Also what's the difference between "Everything" and "Fedora" dirs in
> Fedora package tree?
The Fedora dir contains just what is included on the DVD media. The
Everything dir contains all of the packages available. Everything is
a superset of Fedora.
> I wonder how easy it is to create a rootkit/trojan horse/whatever
> and get it loaded on Fedora users' computers.
You would need to create a trojan package and get it onto the mirrors,
signed by the Fedora package signing key for a particular release.
This is not an easy task, as the keys are held pretty tightly, with
very limited access (if a handful of people can sign packages, I'd be
surprised).
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
An election is coming. Universal peace is declared and the foxes have
a sincere interest in prolonging the lives of the poultry.
-- T.S. Eliot
Attachment:
pgprYwl88Mcaz.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
