[katello-devel] importing manifests with the "force" flag

James Labocki jlabocki at redhat.com
Thu Jun 28 00:56:10 UTC 2012 




On Jun 27, 2012, at 10:57 AM, Bryan Kearney <bkearney at redhat.com> wrote:

> On 06/27/2012 10:52 AM, James Bowes wrote:
>> On Wed, Jun 27, 2012 at 11:44:44AM -0300, Devan Goodwin wrote:
>>> On Wed, Jun 27, 2012 at 11:17 AM, Bryan Kearney <bkearney at redhat.com> wrote:
>>>> On 06/27/2012 09:38 AM, Devan Goodwin wrote:
>>>>> 
>>>>> I believe the creation date is the only thing force buys you, and
>>>>> indeed an older manifest should not normally be usable unless
>>>>> something went wrong with the new one. The force flag has kind of run
>>>>> off the rails. It was requested for development purposes if I recall
>>>>> correctly, but there is definitely no reason I can think of it should
>>>>> be allowed for end users.
>>>> 
>>>> 
>>>> If we turn back on checking the signature, and the checks for type, then it
>>>> will become relevant again.
>>>> 
>>>> - bk
>>>> 
>>> 
>>> What's the use case where an end user would want to bypass date checking?
>>> 
>>> Same question for bypassing signature checking. (that one is even more
>>> scary to me, what on earth would someone be doing to need that?) :)
>>> 
>>> Seems to me that force should be hidden from view, and possibly not be
>>> there at all.
>>> 
>> 
>> I've long been trying to get that option out of the ui. There's few
>> cases where a non developer can use it and it won't end up hurting them.
>> 
>> It should be available as an advanced cli option, wrapped in nice
>> warnings, and only used when something catastrophic has happened, and
>> you need to roll back to an old version.
>> 
>> I'd prefer sig checking to just be a config option, but if we wanted it
>> to be tweakable at run time, it should be a seperate option, so you can
>> roll back to and older manifest version, but still verify its integrity.
>> 
>>> _______________________________________________
>>> katello-devel mailing list
>>> katello-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/katello-devel
>> 
>> -James
>> 
> ok.. added to the backlog:
> 
> As a user, i would like the Force flag removed from the UI but kept in the CLI for manifest uploads so that I can not hurt myself accidently.

+1

> 
> -- bk
> 
> 
> _______________________________________________
> katello-devel mailing list
> katello-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/katello-devel

More information about the katello-devel mailing list