Marc Haber <mh+debian-packa...@zugschlus.de> wrote:

On Sun, Aug 30, 2009 at 09:42:56PM +0200, Hannes von Haugwitz wrote:
Marc Haber <mh+debian-packa...@zugschlus.de> wrote:
That would be an option. But I think the filter should also work for
single package installations via aptitude install or dpkg -i. So how to
implement that in an automatic way?

A single package installation doesn't create _that_ much noise, I'd
handle this the same as a system update, or manually.

It depends. Look at the openoffice.org-common or sun-java6-demo package,
for example.


On the other hand we could modify the aide database before and after
every package change. Thereby it would be possible to also filter
removed files. This requires a new option to the aide binary which
allows partially updating the aide database from a list of files, and
a way to run a program before and after every dpkg run. Is that possible?

I don't know for dpkg, but apt has pre/post hooks. And I think that
upstream would accept a patch to update only parts of the database,
but be aware that an attacker would be able to use that function to
hide his local changes as well.


I think the "plug-in system" option would be the easiest to implement
while the "modify database" option is the better approach but
essentially harder to develop.

So how to proceed?

regards,

Hannes
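
Added example, not part of the original mail and not AIDE or Debian code: one way to filter package-induced changes from a report without giving local modifications a place to hide, by accepting a changed file only when its hash matches the package's md5sums manifest (the `<md5>  <path>` format dpkg keeps per package). It assumes the manifest text comes from a trusted copy of the package; the function names and sample data are constructed for illustration.

```python
import hashlib


def parse_md5sums(text):
    """Parse dpkg-style md5sums content: '<md5hex>  <path without leading slash>'."""
    manifest = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, path = line.split(None, 1)
        manifest["/" + path.strip()] = digest.lower()
    return manifest


def classify_changes(changed, manifest):
    """Split changed files into package-explained and unexplained.

    changed maps an absolute path to the file's current bytes, or None if
    the file was removed. A change is filtered only when the current content
    hashes to the value the package ships; everything else stays in the report.
    """
    explained, unexplained = [], []
    for path, content in sorted(changed.items()):
        expected = manifest.get(path)
        if content is not None and expected == hashlib.md5(content).hexdigest():
            explained.append(path)
        else:
            # Not shipped, removed, or content differs from the package.
            unexplained.append(path)
    return explained, unexplained


# Constructed sample data: what a hypothetical package ships ...
SHIPPED = {"usr/bin/tool": b"v2 binary", "usr/share/doc/tool/README": b"docs v2"}
MANIFEST_TEXT = "".join(
    f"{hashlib.md5(c).hexdigest()}  {p}\n" for p, c in SHIPPED.items()
)
# ... and what the integrity check reports as changed after the upgrade.
CHANGED = {
    "/usr/bin/tool": b"v2 binary",                           # matches package
    "/usr/share/doc/tool/README": b"docs v2 + local edit",   # modified locally
    "/etc/cron.d/extra": b"* * * * * root /tmp/x\n",         # not shipped
    "/usr/bin/oldtool": None,                                # removed file
}

if __name__ == "__main__":
    ok, report = classify_changes(CHANGED, parse_md5sums(MANIFEST_TEXT))
    print("filtered:", ok)
    print("still reported:", report)
```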


