Re: Package verification

[Andreas Metzler <ametzler@downhill.at.eu.org>]

Matthew Palmer <mpalmer@debian.org> wrote:
> On Wed, Oct 08, 2003 at 12:24:37AM +1000, Kim Lester wrote:

>> There is no way to verify/correct the MODE, USER, GROUP, TYPE
>> of any files installed in a pkg.
>> If I am wrong please point out where, with an installed pkg
>> (and preferably without having a copy of the .dpkg around)
>> once can tell if a pkg is _installed_correctly_.

> Define "correctly".  The permissions and ownerships as specified by the
> package maintainer may be overridden by the sysadmin, and some files are
> only created after installation (and permissions set by script).

> Barring a break-in, I don't see how system file permissions would ever be
> changed without admin knowledge, so verification would seem like a useless
> overhead.
[...]

'chown -R ...' accidentally excuted in the wrong directory comes to
my mind. Or filesystem corruption after a hard crash.

I don't think this is a very important "killer feature" but it is
certainly nice to have. rpm -Va.
               cu andreas