Hi,

On Fri, 19 Mar 2010 09:51:37 +0000, Ximin Luo <xl...@cam.ac.uk> wrote:
> On 03/19/2010 05:37 AM, Julien Valroff wrote:
>> mmh I would rather say *you* have to run rkhunter before you use
>> aptitude.
>> 
>> I can hardly imagine that rkhunter is run twice in a row automatically.
> 
> Your logic doesn't follow. The two runs don't do the same thing; the
> pre-install run checks that all the hashes are OK, and the post-install run
> updates all the hashes.

You are right, I had misunderstood it.

I will have a look at it during the weekend, but this would require extra
configuration in case something wrong is found (i.e. stop the upgrade
process).

> If there were some way to make --propupd update only the hashes that were
> modified as part of the install process, then the pre-install run wouldn't be
> needed, but this is not the case.

There is such a possibility in rkhunter, but I haven't managed (yet) to
implement it correctly in the Debian package. See #512087

I do not see any "easy" way to implement this, apart from using
dpkg-triggers from the watched packages, but this would require much
coordination between a lot of Debian developers.

I had tried doing it directly in the rkhunter package (i.e. by detecting
which files were updated) but it is not reliable.

Also, the process is almost as long as updating the whole database, hence
almost no speed win in that case.

Cheers,
Julien
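
Added example (not part of this thread, and not rkhunter or Debian packaging code): a toy hash database showing why the pre-install check and the post-install update discussed above are not redundant. The function names, the temp-dir layout and the fake upgrade are all hypothetical.

```shell
#!/bin/sh
# Toy file-property database (SHA-256 + path). Hypothetical stand-in used
# only to illustrate the two-step flow; this is not how rkhunter stores data.

# propupd DB FILE... : record the current hashes (the post-install step).
propupd() {
    db=$1; shift
    sha256sum "$@" > "$db"
}

# precheck DB : verify watched files against the database (the pre-install
# step). Non-zero exit means at least one file no longer matches.
precheck() {
    sha256sum -c "$1" >/dev/null 2>&1
}

# guarded_upgrade DB UPGRADE_CMD FILE... : check first, and only if the check
# passes run the upgrade and re-baseline the database.
guarded_upgrade() {
    db=$1; upgrade=$2; shift 2
    if ! precheck "$db"; then
        echo "hash mismatch before upgrade, stopping" >&2
        return 1
    fi
    "$upgrade" && propupd "$db" "$@"
}

# Constructed scenario: one watched file in a temp dir and a fake "upgrade"
# that legitimately replaces it.
demo() {
    dir=$(mktemp -d) || return 2
    bin=$dir/ls; db=$dir/props.db
    echo "v1" > "$bin"
    propupd "$db" "$bin"
    fake_upgrade() { echo "v2" > "$bin"; }

    # Clean system: the upgrade runs and the new hash is recorded.
    clean=0; guarded_upgrade "$db" fake_upgrade "$bin" 2>/dev/null || clean=$?
    # File changed outside the package manager: the pre-check stops the
    # upgrade, so the update step never records the changed file as good.
    echo "changed outside dpkg" > "$bin"
    blocked=0; guarded_upgrade "$db" fake_upgrade "$bin" 2>/dev/null || blocked=$?
    flagged=0; precheck "$db" || flagged=$?
    rm -rf "$dir"
    echo "$clean $blocked $flagged"
}

demo   # prints "0 1 1"
```

Without the pre-check, the second call would run `propupd` over the modified file and the mismatch would disappear from the database.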


