On Sat, Jan 10, 2015 at 03:19:28PM +0000, Peter Robinson wrote:
> > On Thu, 2015-01-08 at 08:47 -0500, Paul Wouters wrote:
> >> On Thu, 8 Jan 2015, Dhiru Kholia wrote:
> >>
> >> >> | Your package accepts/processes untrusted input.
> >> >>
> >> >> This seems to be about every package that I use, because I most if not
> >> >> all tools process untrusted data from the Internet.
> >> >
> >> > +1. This view is rapidly gaining traction and visibility in recent times.
> >>
> >> Can we throw prelink out as well when we do this?
> >
> >
> > Prelink is already gone. We haven't been running it since F19, IIRC.
>
> It's not completely gone, there's still a number of packages that run
> it as part of the install or build process because I've had to fix
> ppc64le/aarch64 package builds because we don't have it at all on
> those platforms. I think we also ship it by default.

Note that the prelink package contains a useful utility called
"execstack". We used to use this on OCaml programs to fix executable
stack flags (but not lately, since I patched the OCaml compiler to do
the right thing). So you may have seen a dependency on prelink which
wasn't really about prelink.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v