Am 18.10.2013 22:58, schrieb Robert Relyea: > On 10/17/2013 06:48 AM, Jan Kratochvil wrote: >> rpm uses prelink -y so it already works in most cases and the rare cases can >> be fixed in prelink. The problem is its maintainer Jakub has more significant >> work to do nowadays. > > I use it as well, but it causes all sorts of problems (particularly in > selinux restricted apps) because it's really unfriendly for a library to > exec a random program and open a pipe. One of the things that would have > to be done would be either 1) provide a library call that can supply the > unlinked data, or 2) provide infrastructure in prelink that can reliably > update the integrity check files in a way that doesn't race the changed > libraries (and in a way that makes sure only prelink changed the > libraries, not someone else). > > Both of these are easy to get wrong and *that* is the point why crap which plays with integrity has to be banned from defaults as long it's gains are not *really large* keep things as simple as possible is the thumb of rules in case of integrity, error proof and security - and *nothing* ever will change this fact if someone does not care about securiyt and integrity: *fine* it is his choice *but* do not make such wrong decisions any longer the default also for people who do not care because they do not know better and not becuase they do not care as their own decisions defaults need to be sane, *rock solid* and questionable optimizings have to be a opt-in for people who know hat tey are doing or at least thnik so there is no "but" and "if" and no place for niceness - period *personally* i do not care about this whole discussion because prelink is banned for a long time and any package wichich requires it is banned too because i consider it as crap - *but* i do not only care about my personal environment - otherwise i would not need to waste any second on public mailing lists
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
