[Zope] What causes the community to stall so often?

Bill Anderson bill@libc.org
12 Mar 2002 17:58:06 -0700


On Sat, 2002-03-09 at 04:32, Luca Olivetti wrote:
> Bill Anderson wrote:
> 
> 
> > RPMs have one glaring problem. To be safe, you *must* either download
> > and rebuild a .src.rpm, or download both. Why, you may ask? Simple. You
> > can get a list of the files in an RPM, sure. But you don't get to see
> > what scripts the rpm will execute when installing, without looking at
> > the spec file. Period.
> 
> rpm -qp --scripts just-downloaded-rpm-file.rpm

Only the ones listed in the spec-file.

If I put mynastyscript.sh in the /tmp directory, and then run it in the
postinstall, and the script removes itself, you have learned essentially
nothing. Sorry, I was a bit terse in the original post.

RPMs do little-to-nothing for security; convenience, yes, but not
security. By the time you have looked at the scripts list, the files
list, and verified the signature, you have fairly well eliminated a lot
of the convenience.


-- 
Bill Anderson
Linux in Boise Club                  http://www.libc.org
Amateurs built the Ark, professionals built the Titanic.
Amateurs build Linux, professionals build Windows(tm).
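
An added example, not part of the original message: a pre-install review that cross-references the output of `rpm -qp --scripts` with the file list from `rpm -qpl`, flagging payload files a scriptlet mentions and scriptlet lines that touch temp directories. The function names and the sample data (built from the scenario in the post) are constructed for illustration; the check is a substring heuristic, not a guarantee.

```shell
#!/bin/sh
# Added example (not from the original post): pre-install review of an RPM.

# Print each payload path (from `rpm -qpl`) that the scriptlets (from
# `rpm -qp --scripts`) mention. Substring match, so it errs toward flagging.
# Returns 0 if anything was flagged, 1 otherwise.
scriptlet_payload_refs() {
    scripts=$1 filelist=$2 found=1
    while IFS= read -r path; do
        case $path in /*) ;; *) continue ;; esac   # skip blanks, "(contains no files)"
        if grep -F -q -- "$path" "$scripts"; then
            printf '%s\n' "$path"
            found=0
        fi
    done < "$filelist"
    return "$found"
}

# Print numbered scriptlet lines that touch a temp directory.
scriptlet_tmp_refs() {
    grep -n -E '/(var/)?tmp/' "$1"
}

work=$(mktemp -d) || exit 2
trap 'rm -rf "$work"' EXIT
if [ "$#" -eq 1 ] && [ -f "$1" ]; then
    rpm -K "$1"                                  # digest and signature check
    rpm -qp --scripts "$1" > "$work/scripts"
    rpm -qpl "$1" > "$work/files"
else
    # Constructed sample input mirroring the scenario in the post.
    printf '%s\n' 'postinstall scriptlet (using /bin/sh):' \
        'sh /tmp/mynastyscript.sh' '/sbin/ldconfig' > "$work/scripts"
    printf '%s\n' '/tmp/mynastyscript.sh' '/usr/lib/libexample.so.1' > "$work/files"
fi
echo "Payload files referenced by scriptlets:"
scriptlet_payload_refs "$work/scripts" "$work/files" || echo "  (none)"
echo "Scriptlet lines touching temp directories:"
scriptlet_tmp_refs "$work/scripts" || echo "  (none)"
```

Any path this flags is a file to extract and read before installing; a clean result only means the scriptlets do not name a packaged file or a temp path.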