> Some users cannot use librpm, whether they want to or not, unless you are
> willing to guarantee that librpm is secure against a malicious rpmdb.

This is an absolutely bizarre point of view.

librpm needs to be secure against a tampered-with rpmdb as with any data, because
if there's a "malicious rpmdb" then it's the first thing that will encounter it
in every single case! And if you need to look at what you suspect is a
tampered-with piece of data that may have caused a security incident of some kind,
surely you take precautions rather than rewrite everything from scratch in an
allegedly safe language? It's not like reading bytes from disk is going to melt
down the neighbourhood.

If there are bugs (security issues or otherwise), file tickets! I have
precious little patience for this sort of alleged security hubbabubba.

--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/2211#discussioncomment-10688891