[Alan Cox] Re: Proposal: Discourage rpmbuild --sign
robert j. wozny
speedy at eu11.ziew.org
Thu, 1 Jan 2004, 12:59:03 CET
something to think about for those interested 8=]
-------------------- Start of forwarded message --------------------
Delivery-date: Thu, 01 Jan 2004 02:26:03 +0100
From: Alan Cox <alan at redhat.com>
Subject: Re: Proposal: Discourage rpmbuild --sign
Date: Wed, 31 Dec 2003 20:25:11 -0500
On Wed, Dec 31, 2003 at 12:01:37PM -1000, Warren Togami wrote:
> Rather than disable rpmbuild as root or rpmbuild --sign, it should
> 1) Big warning message with URL to learn more.
> 2) Delay for 30 seconds.
> 3) Perhaps have a hidden config option to disable the warning & delay
> for users who want to hang themselves. This option could be
> '%stupidbehavior yes'.
For FC2 the whole "root" thing is irrelevant. Something like a default configuration
to not build as root might be a good idea for FC1 but that's the past (and I'd do it
that way - a default config which told you what option to override it).
Once SELinux is in the picture the rules change. You can set up the buildroot for
example with rules of the form:

  Nothing but a trusted copy of rpm may alter the buildroot proper
  The building task in the buildroot may not alter anything outside its build tree
  The building task may not talk to the network
  The building task may not run the trusted copy of rpm
  The building task may not read anything outside the buildroot
  etc

It's a whole new ball game. "root" is just a status symbol 8)
-------------------- End of forwarded message --------------------
--
robert j. wozny
... Life swings like a pendulum between pain and boredom,
and these are in fact its ultimate constituents. (Arthur Schopenhauer)
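The buildroot rules listed in the forwarded message, written out as an SELinux type-enforcement module. This is an added example, not policy from Alan Cox, Red Hat or PLD: every `*_t` type name is hypothetical, and it assumes a reference-policy style base that provides the `domain` and `file_type` attributes.

```selinux
# Added illustration; all *_t names are hypothetical.
module rpmbuild_confine 1.0;

require {
    attribute domain;      # every process type (reference policy convention)
    attribute file_type;   # every file type (reference policy convention)
    class file { read write append create unlink rename setattr execute execute_no_trans };
    class dir { write add_name remove_name };
    class process transition;
    class tcp_socket create;
    class udp_socket create;
}

type rpm_trusted_t;        # domain of the trusted copy of rpm
type rpm_trusted_exec_t;   # label on the trusted rpm binary
type build_t;              # domain of the building task
type buildroot_t;          # the buildroot proper
type buildtree_t;          # the task's own build tree
typeattribute rpm_trusted_t domain;
typeattribute build_t domain;
typeattribute rpm_trusted_exec_t file_type;
typeattribute buildroot_t file_type;
typeattribute buildtree_t file_type;

# Anything not allowed is denied, so the grants stay short. Only the
# file/dir modification, read, exec and socket-create permissions are modelled.
allow rpm_trusted_t buildroot_t:file { read write append create unlink rename setattr };
allow rpm_trusted_t buildroot_t:dir { write add_name remove_name };
allow build_t buildroot_t:file { read execute execute_no_trans };
allow build_t buildtree_t:file { read write append create unlink rename setattr };
allow build_t buildtree_t:dir { write add_name remove_name };

# neverallow is checked when the policy is compiled: a later allow rule
# that contradicts one of these makes the build fail.
# Nothing but the trusted rpm may alter the buildroot proper.
neverallow { domain -rpm_trusted_t } buildroot_t:file { write append create unlink rename setattr };
neverallow { domain -rpm_trusted_t } buildroot_t:dir { write add_name remove_name };
# The building task may not alter anything outside its build tree.
neverallow build_t { file_type -buildtree_t }:file { write append create unlink rename setattr };
# The building task may not talk to the network.
neverallow build_t self:tcp_socket create;
neverallow build_t self:udp_socket create;
# The building task may not run the trusted copy of rpm.
neverallow build_t rpm_trusted_exec_t:file { execute execute_no_trans };
neverallow build_t rpm_trusted_t:process transition;
# The building task may not read anything outside the buildroot.
neverallow build_t { file_type -buildroot_t -buildtree_t }:file read;
```

None of these rules mentions uid 0: the decision depends only on the domain the process runs in, so a build running as root in `build_t` is confined the same way.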