"Stanisław T. Findeisen" wrote: > What does the process of installing new RPM package look like? There > are some commands that such package is allowed to execute, right? By policy, there are things that rpm scriptlets should not do. But if you created an rpm which had a %post section containing rm -rf /, rpm would run it AFAIK. > Also what's the difference between "Everything" and "Fedora" dirs in > Fedora package tree? The Fedora dir contains just what is included on the DVD media. The Everything dir contains all of the packages available. Everything is a superset of Fedora. > I wonder how easy it is to create a rootkit/trojan horse/whatever > and get it loaded on Fedora users' computers. You would need to create a trojan package and get it onto the mirrors, signed by the Fedora package signing key for a particular release. This is not an easy task, as the keys are held pretty tightly, with very limited access (if a handful of people can sign packages, I'd be surprised). -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ An election is coming. Universal peace is declared and the foxes have a sincere interest in prolonging the lives of the poultry. -- T.S. Eliot
Attachment:
pgprYwl88Mcaz.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines