After have dinked around with a machine I upgraded from a severely modified 7.1 install and manually installing some stuff and using apt to install others I would like to know what I have installed that is not part of the fedora core. More specifically I would like to know what packages did not come from the FC1 distro itself (incase I inadvertently over wrote /upgraded a core package. Any thoughts on a way to approach this? I don't mind coding something that will cruise through a rpm -qa and digging out the info, I just don't know what info to dig with. I see this as an ongoing issue since if I intend to use other repos seems like the likelyhood that someone will sneak an expolit into a package that replaces a system file or something. This assumes of course that fedora packages are safe. What should I look for if someone were to try and spoof rpm db entries to look like they came from fedora? Bret
