Fedora Updates: whole packages vs patches
Rich Burroughs
rich at paranoid.org
Thu Dec 9 19:36:59 UTC 2004
Jorge Fábregas wrote:
> 1- create an rpm with just that file (thus...it will be a patch rpm). size 1K
Then the md5sums that RPM uses to check the integrity of the files would
be broken for the initial package. It's not perfect, but rpm -V is a
nice quick and dirty way to check if files have been altered or trojaned.
In the case of a patch RPM like you mention, you'd then have to also
check the sums for the patch, and compare that to the list of files in
the original, to make sure that the ones in the original package that
had been changed were all the same files in the patch. It would be
pretty messy.
Rich
More information about the fedora-list
mailing list