On 06/10/2014 06:58 PM, Connie Sieh wrote:
In the expected place for srpms for RHEL7 there is a README
ftp.redhat.org:/redhat/linux/enterprise/7Server/en/os/README
It's contents are
Current sources for Red Hat Enterprise Linux 7 have been moved to the following location:
https://git.centos.org/project/rpms
Who/what is populating this area?
How are updates to packages handled? Do they go straight to https://git.centos.org/project/rpms/ as the updates are published by RedHat?
Does CentOS modify any of these packages?
Since it is implied that this "represents" the "srpm" for a given RHEL package (given the above README from ftp.redhat.com) how do I know it has not been tampered with?
If you look at the GIT activity log it is pretty easy to see how updates are coming to GIT by looking at the 0-day pushes.
Carl.