Re: [Yum-devel] [PATCH] Fix for https://bugzilla.redhat.com/show_bug.cgi?id=520810

2009-09-02 Thread Seth Vidal
On Wed, 2 Sep 2009, Ville Skyttä wrote: On Wednesday 02 September 2009, Seth Vidal wrote: just b/c it looks like a glob doesn't mean it IS a glob: /usr/bin/[ is a legit file in coreutils but it looks (and acts) just like a glob - so we need to do an ='s search even if it looks like a glob

Re: [Yum-devel] [PATCH] Fix for https://bugzilla.redhat.com/show_bug.cgi?id=520810

2009-09-02 Thread Ville Skyttä
On Wednesday 02 September 2009, Seth Vidal wrote: > just b/c it looks like a glob doesn't mean it IS a glob: > /usr/bin/[ is a legit file in coreutils but it looks (and acts) > just like a glob - so we need to do an ='s search even if it looks > like a glob. This makes me cranky. I'd argue tha

[Yum-devel] [PATCH] Fix for https://bugzilla.redhat.com/show_bug.cgi?id=520810

2009-09-02 Thread Seth Vidal
just b/c it looks like a glob doesn't mean it IS a glob: /usr/bin/[ is a legit file in coreutils but it looks (and acts) just like a glob - so we need to do an ='s search even if it looks like a glob. This makes me cranky. --- yum/sqlitesack.py | 12 +++- 1 files changed, 11 insertio

Re: [Yum-devel] First "usable" yum history patches

2009-09-02 Thread Tim Lauridsen
On 08/31/2009 08:12 PM, James Antill wrote: On Wed, 2009-08-26 at 11:48 -0400, Seth Vidal wrote: On Tue, 25 Aug 2009, James Antill wrote: Ok, here's the first look at the history stuff. I've tested it a bit, and it seems to provide roughly the correct functionality. Here are the know

[Yum-devel] yum-utils 1.1.23 released.

2009-09-02 Thread Tim Lauridsen
yum-utils 1.1.23 is released. Changes: Check ChangeLog for changes [1] Tarball: http://yum.baseurl.org/download/yum-utils/yum-utils-1.1.23.tar.gz SRPM: http://yum.baseurl.org/download/yum-utils/yum-utils-1.1.23-1.src

Re: [Yum-devel] Is YUM really a secure package manager ?

2009-09-02 Thread Seth Vidal
On Wed, 2 Sep 2009, Akshay Wattal wrote: Hi, Lately i did some research on security issues related to differnt package managers including YUM and found out that there can be some vulnerabilities in YUM. So far YUM checks the signature which is on each individual package,In this model, the

Re: [Yum-devel] [PATCH] patch for rh bug 503195 - fix double prefixing problem by being a little sneaky internally if we have an installroot defined that is not '/'

2009-09-02 Thread Tim Lauridsen
On 09/01/2009 09:04 PM, Seth Vidal wrote: --- yum/rpmtrans.py | 18 +++--- 1 files changed, 11 insertions(+), 7 deletions(-) diff --git a/yum/rpmtrans.py b/yum/rpmtrans.py index 053b272..77b06a2 100644 --- a/yum/rpmtrans.py +++ b/yum/rpmtrans.py @@ -252,11 +252,10 @@ class RPMTr

Re: [Yum-devel] Is YUM really a secure package manager ?

2009-09-02 Thread Akshay Wattal
Hi, Lately i did some research on security issues related to differnt package managers including YUM and found out that there can be some vulnerabilities in YUM. So far YUM checks the signature which is on each individual package,In this model, the package manager has no signatures to check unt