RPM roadmapping
Alexander Boström
abo at kth.se
Mon Jul 30 16:35:30 UTC 2007
On Mon 2007-07-30 at 16:51 +0300, Gilboa Davara wrote:
> I second the above.
> Running HTTP/FTP client as root is -not- a good idea.
>
> Even if HTTP is being pushed to an external plugin that's built around
> wget, this plug must be executed as user/guest and not as root.

Yes, the principle of least privilege does apply here.

Though, I would worry more about the fact that rpm -ivh http://...
doesn't verify any signatures. It's a good idea to:

    wget http://...
    rpm -K foo.rpm

Look at the result, and then maybe:

    rpm -i foo.rpm

(rpm -K && rpm -i won't do, since it'll say OK for unsigned packages,
IIRC)

Or, even:

    wget http://...
    yum localinstall foo.rpm

Which, in turn, might be possible to simplify?

/abo
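
The "look at the result" step from the message above can be scripted. This is an added example, not part of the original post: it accepts a package only when the rpm -K line both ends in OK and names a signature check. The function names and the sample lines are constructed, and the output wording is an assumption that varies between rpm versions.

```shell
#!/bin/sh
# Added example: gate "rpm -i" on a signature actually having been checked,
# since a plain exit-status test also passes for unsigned packages.

# rpm_k_is_signed LINE
# LINE is one line of "rpm -K" output, e.g. "foo.rpm: sha1 md5 OK".
# Returns 0 only if the result is OK *and* lists a signature check.
# Assumption: passed signature checks appear as one of the lowercase words
# gpg, pgp, dsa, rsa or signatures; digest-only results list none of them.
rpm_k_is_signed() {
    result=${1#*: }                 # drop the "foo.rpm: " prefix
    case $result in
        *"NOT OK"*) return 1 ;;     # failed digest/signature or missing key
        *" OK") ;;                  # overall pass, now look for a signature
        *) return 1 ;;              # unrecognised output: fail closed
    esac
    case " $result " in
        *" gpg "*|*" pgp "*|*" dsa "*|*" rsa "*|*" signatures "*) return 0 ;;
    esac
    return 1                        # OK, but digests only: unsigned package
}

# verify_then_install FILE (hypothetical wrapper; not invoked here).
# The signer's public key must already be imported for the check to pass.
verify_then_install() {
    line=$(rpm -K "$1") || return 1
    rpm_k_is_signed "$line" || { echo "refusing: $line" >&2; return 1; }
    rpm -i "$1"
}

# Constructed sample lines, not captured from a real system.
for sample in \
    "foo.rpm: (sha1) dsa sha1 md5 gpg OK" \
    "foo.rpm: digests signatures OK" \
    "foo.rpm: sha1 md5 OK" \
    "foo.rpm: digests OK"
do
    if rpm_k_is_signed "$sample"; then
        echo "signed:   $sample"
    else
        echo "rejected: $sample"
    fi
done
```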