On 2/24/06, Ivan Gyurdiev <ivg2@xxxxxxxxxxx> wrote: > The goal here is not to prevent Nvidia-supplied rpms to run on Linux. > The goal is to prevent shell-based installers from modifying files that > are "controlled" by the rpm database. > Nvidia rpms would not create a problem on Fedora, since any conflicts > with other rpms would be exposed by the package manager. Correction.. non-crackrock rpms would not create a problem. You can do an amazing amount of damage via postinstall scripts inside packages. It wouldn't be all that difficult to create an nvidia rpm that dropped the nvidia installer on the system and then ran the installer via postinstall script. In fact I'm pretty sure I've seen that sort of beast in the wild at some point. If your security is so tight that postinstall actions during rpm packages would generally fail when tampering with other package's files.. then you break lots of postinstall actions. -jef -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
