On 03/03/2014 01:11 PM, Florian Weimer wrote:
Parsing the src.rpm is unsafe (or more precisely, the spec file in it). This is by design, no exploit is needed.
I meant parsing final RPMs. I should rather say querying.
Parsing the final RPMs can be made safe in theory
And in practice? :) What would be interrest for me is Requires, Provides, Description... and probably list of files (but not their content). -- Miroslav Suchy, RHCE, RHCDS Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys _______________________________________________ Rpm-list mailing list Rpm-list@xxxxxxxxxxxxx http://lists.rpm.org/mailman/listinfo/rpm-list
