Hi! On Tue, 2011-06-07 at 12:35 -0700, Todd And Margo Chester wrote:
> I am still stuck on if it is a security hazard in el6, why is it not also a > security hazard in el5? I presume that the dependencies in the RPM > would take care of anything that is different. This is, in fact, a very wrong assumption. RPM will not take care of it. RPM always assumes that the packages are coming from an appropriate channel and only tries to detect situations when there is a danger of inducing direct damage to the RPM database (unsatisfiable dependencies, wrong checksum / file corrupted, wrong signature etc.) If you keep mixing things, you are totally on your own. In the very best case it will detect some obvious linking problems, but not more than that. Possible pitfalls: 1) Library SONAME didn't change (i.e. functions get added), and the program uses new ABI, you install the RPM on the old system 2) Interpreter version is not recorded in RPM, software incompatible with newer/older Python 3) Few hundred others... > The code itself is still the code itself -- the code has not changed. > If it is safe in one, it should be safe in the other. I am clearly > not getting your point. You know, you should really get some basics right first. Sorry for that. -- Sincerely yours, Yury V. Zaytsev _______________________________________________ users mailing list [email protected] http://lists.repoforge.org/mailman/listinfo/users
