[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora's way forward



and that could be very very dangerous... a single web browser flaw could open up the full system to attack...

...Imagine visiting a page that installs a repository, and then subsequently replaces core packages with compromised ones? (there are a couple of security hurdles such as root password... but never rely on the user to easily make the corrent judgement...)

All that should be needed is for a way to get pirut to get a repo file (disabled by default... and clear to the user with a message: 'repo foo added. go to repo's to activate')

and then after that, the normal package install method (commandline/pirut/yumex/other) to actually install the files.

Its not too far off the current method though... as current the repo files are distributed in rpm files. pirut installs the rpm file which adds the repo. then the normal method is used to add files... so not too much to do really...

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]