Re: RPM roadmapping
- From: Gilboa Davara <gilboad gmail com>
- To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
- Subject: Re: RPM roadmapping
- Date: Mon, 30 Jul 2007 16:51:17 +0300
On Sat, 2007-07-28 at 16:14 -0500, Arthur Pemberton wrote:
> On 7/28/07, seth vidal <skvidal linux duke edu> wrote:
> > On Sat, 2007-07-28 at 14:53 +0000, Kevin Kofler wrote:
> > > Panu Matilainen <pmatilai <at> redhat.com> writes:
> > > > - RPM is not an ftp/http client, it's a package manager.
> > >
> > > Am I the only one who thinks that being able to rpm -Uvh http://....rpm is a
> > > nice feature?
> >
> > it's not an issue of it being a nice feature - it is an issue of whether
> > it is a good idea to maintain the code. Keep in mind - rpm has its own
> > http/ftp client included. It's not using curl or wget. All its own code.
> > That seems a bit much to maintain esp when the majority of people using
> > rpm do it through a higher level language that already has a http/ftp
> > client.
> >
> > the best way to make rpm reliable and consistent is to strip out all
> > things that are unnecessary.
> >
> > -sv
>
> I would imagine this opens RPM up to remote attacks too.
I second the above.
Running an HTTP/FTP client as root is -not- a good idea.
Even if HTTP is being pushed to an external plugin that's built around
wget, this plugin must be executed as user/guest and not as root.
- Gilboa