gtk2 update on fc8 SOLVED!

Ed Greshko Ed.Greshko at greshko.com
Fri Jan 25 06:53:51 UTC 2008 

Gilboa Davara wrote:
> On Fri, 2008-01-25 at 13:47 +0800, Ed Greshko wrote:
>> Gilboa Davara wrote:
>>> On Fri, 2008-01-25 at 13:15 +0800, Ed Greshko wrote:
>>>> Gilboa Davara wrote:
>>>>> The GTK2 update might have contained a number of security updates; while
>>>>> having a broken update will not cause any visible corruption, it may
>>>>> leave the machine open for an attack.
>>>> Do you think running "rpm -V" on the gtk2 package would be a good idea first?
>>> It should... as long as RPM DB is not corrupted.
>>> Being paranoid, I rather reinstall the RPM and reduce the risk.
>> I think I have been lucky over the years...knock on wood.  I've not found 
>> myself in a situation where an "rpm -Uvh" or "rpm -ivh" has hung or my rpm 
>> db became corrupted.  (I think I had a problem way back in the Red Hat 7, 
>> not Fedora days....)  So, I've never seen the need to use --force.
>>
>> So, one last question(s), if the rpm db is corrupted isn't it likely that 
>> "rpm -V" would fail?  Would a corrupted db cause other packages to fail 
>> verification.  And finally, what are the chances that you'd have an 
>> incorrectly installed rpm and an rpm db that was corrupted in such a manner 
>> that the verification would succeed?
>>
>> As I said, I never have run into these kinds of problems....so these 
>> questions have only just now popped into my head.
>>
>> Thanks...
>>
> 
> P.S. Don't forget about %post.
> If say, a SELinux RPM transaction hangs, the rpm -V test results will be
> mostly irrelevant, as a lot of work is being done in %post.
> The only way to insure a fully-working installation is RPM -Uvh --force.

Hummm....  Have to think about that.

Do rpm installations actually manipulate SELinux policies/attributes? (Other 
than the selinux rpms themselves)  If they do, then what prevents someone 
from generating a rogue rpm that manipulates SELinux policies/attributes 
outside of the installed/upgraded package?

Looks like I need to do some study...otherwise I won't be able to sleep at 
night.  :-)

More information about the fedora-list mailing list