[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: RPM roadmapping



On Mon, 30 Jul 2007, Gilboa Davara wrote:

On Sat, 2007-07-28 at 16:14 -0500, Arthur Pemberton wrote:
On 7/28/07, seth vidal <skvidal linux duke edu> wrote:
On Sat, 2007-07-28 at 14:53 +0000, Kevin Kofler wrote:
Panu Matilainen <pmatilai <at> redhat.com> writes:
   - RPM is not an ftp/http client, it's a package manager.

Am I the only one who things that being able to rpm -Uvh http://....rpm is a
nice feature?

it's not an issue of it being a nice feature - it is an issue of whether
it is a good idea to maintain the code. Keep in mind - rpm has its own
http/ftp client included. It's not using curl or wget. All its own code.
That seems a bit much to maintain esp when the majority of people using
rpm do it through a higher level language that already has a http/ftp
client.

the best way to make rpm reliable and consistent is to strip out all
things that are unnecessary.

-sv

I would imagine this opens RPM up to remote attacks too.

I second the above.
Running HTTP/FTP client as root is -not- a god idea.

Yet that's how all our depsolvers and the associated tools work...

	- Panu -


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]