New version of mock working (I think)
Michael_E_Brown at Dell.com
Michael_E_Brown at Dell.com
Mon Jun 26 20:47:29 UTC 2006
> -----Original Message-----
> From: fedora-buildsys-list-bounces at redhat.com
> [mailto:fedora-buildsys-list-bounces at redhat.com] On Behalf Of
> Clark Williams
> Sent: Monday, June 26, 2006 3:07 PM
> To: Discussion of Fedora build system
> Subject: Re: New version of mock working (I think)
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Michael_E_Brown at Dell.com wrote:
> >
> > Yes, feedback from Dan would be good. My initial thoughts
> are that a
> > client implementation would be best at this point, due to
> the security
> > implications of a server. Something where we call a server API
> > provided by plague like:
> > server.begin_mock_status( "my.src.rpm", MY_PID)
> > server.set_mock_status( "my.src.rpm", "status_string", MY_PID)
> > ...
> > server.end_mock_status( "my.src.rpm", return_code, MY_PID)
> >
>
> Ah, and you thought I really *meant* it when I said I'd shut up. Ha!
>
> Don't you think that a simple server where we just have a
> listen socket and respond to "what's your status?" would be
> more straight forward?
I would like to foster discussion. It would be bad if one of the
co-maintainers failed to voice their concerns over project direction, so
no, I would hope that you never shut up.
My initial thoughts around this is that having an xmlrpc server exposes
too much of our (running with elevated privs) internals to random,
untrusted strangers. There has already been one reported vulnerability
in the python xmlrpc code.
Both code-wise (7-10 lines for client, vs at least 20 for server), and
security-wise, I think a client would be 'simpler'.
Also, adding a server entices future additions along the lines you
already said we don't want to go, and starts to supplant plague/brews
role.
--
Michael
More information about the Fedora-buildsys-list
mailing list