On 01/18/2010 01:28 PM, Thomas Moschny wrote:
2010/1/18 Jiri Moskovcak<jmosk...@redhat.com>:Plus abrt should run `rpm -V' on any rpm involved in the transaction (=if user does not have replaced the binary by some non-rpm "make install").ABRT used to do this (and still can, it's just disabled), but rpm -V uses prelink to un-prelink the binaries to check the MD5 sum and security guys don't like it.Can you explain what's the security problem here? The outcome would be a boolean and a reject to send the report (or at least a big warning). - Thomas
The problem is during the "un-prelink" part, please see this BZs: 546572, 546350, 546987, 546772
Jirka
<<attachment: jmoskovc.vcf>>
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
