Nicolas Thierry-Mieg wrote: > m.roth at 5-cent.us wrote: >> ken wrote: >>>> On Sun, Jan 06, 2013 at 06:23:20PM -0500, ken wrote: >>>>> On 01/06/2013 05:18 PM fred smith wrote: >>>>>> On Sun, Jan 06, 2013 at 02:43:09PM -0500, ken wrote: >>>>>>> On 01/06/2013 09:55 AM fred smith wrote: >>>>>>>> On Sun, Jan 06, 2013 at 06:33:07AM -0500, ken wrote: >>>>>>>>> >>>>>>>>> Also running an up-to-date 5.8 but with just 2G of RAM, >>>>>>>>> clock-applet consumes the following: >>>>>>>>> >>>>>>>>> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND >>>>>>>>> 4133 me 15 0 29568 3748 2944 S 0.0 0.2 190:51.33 >>>>>>>>> clock-applet >> <snip> >>>>>> it's the same version and size as yours, but the md5sum differs. >>>>>> have you perhaps disabled prelink? (I don't call that I have ever done >>>>>> so) It's not obvious to me what other (legitimate) event would account >>>>>> for the difference in checksum. >> <snip> >> I've not been in this thread, but the above cmt *deeply* disturbs me. >> I'd >> start by yum remove the package with the applet and reinstall... after >> double checking what mirror it's getting the package from. >> >> Yes, an infected repo is what's running through my mind, or a hijacked >> URL. > > highly unlikely IMO. > Remember: packages are signed. A bad guy would also need to have the > centos key... > > and I believe prelink does this sort of thing. Would change the md5sum of the package? mark