[ale] Disappointed, could not find SUSE 10.0 to buy this morning :(

Greg Freemyer greg.freemyer at gmail.com
Sun Dec 11 17:01:11 EST 2005


On 12/11/05, Paul Cartwright <paul_tbot at pcartwright.com> wrote:
> On Sun December 11 2005 11:54 am, Greg Freemyer wrote:
> > Paul I did try smart and it seemed like a great tool for an
> > enthusiast. ie. the exact market SUSE 10.0 is sold into.
> > Personally I use it primarily as a business tool so I would prefer
> > official rpm sources.
>
> well, I'm not sure what "official" rpm sources are different from
> others, but the smart update tools determines dependencies, etc,
> correct? so, how does it know unofificial dependencies?
> I'm curious as to how YOU/and/or/smart determine the dependencies, and
> what the difference between the two is?
>
It's not the dependencies I worry about.

I don't know how the apt sources are maintained, but lets assume that
the apt maintainer has a malicious streak and plants some rootkits or
other backdoors in a piece of software.  Since Novell/SUSE is not
maintaining the apt repository, I don't know if there is a way to
detect that?

If the md5 values for the rpms were retrieved from Novell/SUSE, then
one could use that to verify the apt rpms, but I don't know if apt
does that.  I would guess no.

Greg
--
Greg Freemyer
The Norcross Group
Forensics for the 21st Century



More information about the Ale mailing list