python3.2+ compiled files
Tomasz Pala
gotar at polanet.pl
Sat Apr 9 22:52:54 CEST 2011
On Sat, Apr 09, 2011 at 16:32:01 -0400, Jeff Johnson wrote:
>> And I've shown that this "way" is wrong - having xattrs outside package
>> manager is bad design per se.
>
> You WILL have users using python eggs, and there WILL be a window
> installing content outside of package management.
And how is this related to storing xattrs?
[...]
> None of the above involves rpm "package management" installing xattr's.
Exactly - so don't throw me with arguments I do not care at all. I say
rpm should handle xattrs, nothing more.
> And none of the above precludes rpm from attaching xattr's where it makes sense.
> This thread started -- not about secuirity -- but how to handle
> *.pyo side effects.
I have no idea and I really do not care a bit. What I do know is that
application level is less important than system level, and the latter
requires xattrs in modern package management system.
How do we use them THEN, it's another issue.
> SO get rid of SUID.
I can't - rpm doesn't support xattrs (or it's so top secret you can't
tell me how to do this).
> What SUID has to do with "package management" of
> *.pyo side-effects isn't clear.
Did I mention some pyo somewhere?
>> So how can I store these caps in rpm? Or force rpm not to overwrite
>> these set by me in filesystem (manually or by other tool)?
>
> How does rpm store data in an rpmdb? You look at the schema,
> you create records conistent with the schema, and you write
> tools to make that happen for other data.
Thanks, that really helps. You could just write 'create your own package
manager'.
> Reasoning from "RPM has a database" -> "All content MUST be delivered
> in *.rpm packages" -> "I want to remove SUID's!" is rather muddled.
No. "RPM delivers content with SUIDs instead of ACLs/caps" -> "RPM
should be fixed to handle xattrs".
> And this thread started (see Subject:) with
>
> What should be done with python's Newer! Better! Bestest!
> convention for storing compiled *.pyo files?
>
> not anything else.
It started like this, I've added something else. That is how discussions
work, subject doesn't have to be fixed as nobody has to stick the first mail
only.
> And all I wished to point out is the (rather flawed imho) reasoning
> that led to putting *.pyo files into *.rpm packages so that
> SELinux trolls could pretend to a solution based on security tags
> instantiated in xattr's.
Maybe, don't know, don't care, won't argue.
--
Tomasz Pala <gotar at pld-linux.org>
More information about the pld-devel-en
mailing list