[Pkg-aide-maintainers] Bug#542621: Bug#542621: aide: new feature: ignore files changed by system updates

Marc Haber mh+debian-packages at zugschlus.de
Mon Aug 31 07:12:20 UTC 2009


On Mon, Aug 31, 2009 at 08:36:57AM +0200, Hannes von Haugwitz wrote:
> Marc Haber <mh+debian-packages at zugschlus.de> wrote:
>> On Sun, Aug 30, 2009 at 09:42:56PM +0200, Hannes von Haugwitz wrote:
>>> Marc Haber <mh+debian-packages at zugschlus.de> wrote:
>>> That would be an option. But I think the filter should also work for
>>> single package installations via aptitude install or dpkg -i. So how to
>>> implement that in an automatic way?
>>
>> A single package installation doesn't create _that_ much noise, I'd
>> handle this the same as a system update, or manually.
>
> It depends. Look at openoffice.org-common or sun-java6-demo package for
> example.

Both packages are rather not a clientele of a system which will
probably be installed with aide.

>> I don't know for dpkg, but apt has pre/post hooks. And I think that
>> upstream would accept a patch to update only parts of the database,
>> but be aware that an attacker would be able to use that function to
>> hide his local changes as well.
>
> I think the "plug-in system" option would be the easiest to implement
> while the "modify database" option is the better approach but
> essentially harder to develop.
>
> So how to proceed?

Maybe it would be a good idea to solicit upstream's comments first.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190




