On Wed, May 05, 2004 at 05:18:38PM -0400, Michael Jennings wrote:
> On Wednesday, 05 May 2004, at 14:06:21 (-0700),
> Steve Beattie wrote:
>
> > What's unfortunate is that rpmbuild -bs and -bb exist, as this
> > allows buggy srpms to be built and shipped that don't correspond to
> > the binary rpms.
>
> That's no more unfortunate than any of the other options ("--force
> --nodeps", anyone?) that can be abused/misused and result in various
> forms of catastrophe.
Except that I've seen *Red Hat* ship srpms on multiple occasions that
were broken in this way -- there was no way the supposed source rpm
would build, and yet they had a binary rpm of the same version. It's not
the user I'm concerned about, it's the distributer.
I'm not attempting to pick on Red Hat here -- I just happen to be most
familiar with their source rpms -- just pointing out that the tool makes
it possible for this to happen.
--
Steve Beattie Don't trust programmers?
<steve@xxxxxxxxx> Complete StackGuard distro at
http://NxNW.org/~steve/ immunix.org
http://www.sardonix.org -- Audit code, earn respect.
Attachment:
pgp00063.pgp
Description: PGP signature
_______________________________________________ Rpm-list mailing list Rpm-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/rpm-list
