[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: RFC for Smolt features



On Dec 14, 2007 5:30 PM, Yaakov Nemoy <loupgaroublond gmail com> wrote:
> On Dec 14, 2007 5:10 PM, Stephen John Smoogen <smooge gmail com> wrote:
> > Hmmm I would prefer a plugin technology because flipping booleans is
> > not that hard.. and some people would prefer not to have XYZ Selinux,
> > Shadow Password reporting items on their system at all. While some
> > other organization might.
>
> Both require root access.  Both publish the same data.  Both garner
> the same criticism. Both require the same published privacy policy.
>
> But plugins gain us the ability for an over eager client to send the
> server something we're not prepared to deal with.  Plugins definitely
> offer some potential, but then they have to be implemented on a server
> level, either through forks, or some fundamental change to our
> server's source code, because storing plugin related information means
> changing the data model on a web based application.
>

Well I guess you could go with a structure like the following:

Client -> Server  Hi I am smolt client    [public-key XYZ]
Server -> Client  Hi I am a smoon server [public-key ABC]

Client determines if that is a server on its ok list to talk to.
Server determines if that is a client on its ok list to talk to.

Client says "I can tell you A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V"
Server says "Thanks. I listen for D,E,I,K"
Client sends D,E,I,K and does not send the rest.

I am fudging various stuff where you would work out a mutual trust
mechanism and a mutual filter mechanism.

Or it could be:

Client -> Server  Hi I am smolt client    [public-key XYZ]
Server -> Client  Hi I am a smoon server [public-key ABC]

Client determines if that is a server on its ok list to talk to.
Server determines if that is a client on its ok list to talk to.

Client asks for what plugins the server wants it to get.
Server sends down the plugins.
Client tests that the plugins are signed by mutual 3rd party key.
Client test that it can run the plugins.
Client runs the plugins and sends the data to the server.



> But you're right, flipping booleans is not hard.  I'd rather people
> were flipping booleans than flipping digits at us.
>
>
> -Yaakov
>
> --
> fedora-devel-list mailing list
> fedora-devel-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>



-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]