Eternal 'good file hashes' list
Tomas Mraz
tmraz at redhat.com
Tue Oct 20 08:20:17 UTC 2009
On Tue, 2009-10-20 at 08:45 +0200, Ralf Ertzinger wrote:
> Hi.
>
> I was wondering the other day how much space the file information (i.e. the
> stuff that rpm -V checks against) takes up in an RPM file. And, going from
> there, how much space we would waste over the years if we kept this
> information for every RPM ever built by koji.
>
> The idea would be to have a database of known good file information that is
> separate from the local RPM database, so one may burn this information to
> a bootable CD (or DVD) to be able to verify the integrity of the local
> files (as long as the files came from a fedora built RPM file, that is).
> Another possibility would be to load the information from the net, on
> demand.
>
> How much data are we talking about, roughly?
What would this be good for? Actually for some files it would be a known
bad file hashes because these files (binaries or scripts) would contain
known vulnerabilities and so knowing that you have a file that was once
included in Fedora does not guarantee you almost anything.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the fedora-devel-list
mailing list