PaulDotCom mailing list archives
Epic fail from RedHat?
From: mike.mikemiller at gmail.com (Michael Miller)
Date: Mon, 23 Nov 2009 13:45:46 -0800
Xavi,
It will be a great solution but only if they develop a system that is robust and? well documented. Reading their mailing list I think that only few guys know exactly how it works, there is not enough documentation (a FAQ page and some blogposts) ?and the commands/options are changing release after release.
I agree the documentation is nonexistent and need to be produced before you stick it into Fedora or any other distribution. That is a failure on Fedora's part as well as the developers of packagekit.
Of course, I have my own repositories in my SAN.? Perhaps I didn't express my point of view as I should. The point here is that mirroring their repository is not enough, now. If I follow their default policy, I have to create a custom repository, only with the packages that I really need and it requires time and tests, because will have broken dependencies, libraries, etc..
That is very true. You do run into issues like that when you don't do a lot of testing. You push out what ever gets dumped into the mirror sites. It all boils down to what your administration style is and what polices you have to work with.
I do not know exactly how this installation system? works. Perhaps I can create a policy somehow and define the packages that can and can't be installed, but this adds complexity in the system? and it is dangerous.? I believe that least privilege is key to secure a system. I am sure that many people in this list is able to find ways to break this system, because complexity means mistakes and mistakes mean compromise.
Complexity is dangerous but how much complexity is built into the package management tools rpm/yum/up2date etc. You still have to be root or use sudo ( as a user with the least privileges ) to run package management tools. I still believe ( an it's the point I was going for. ) that if you can have a audit trail and monitor what the users are doing and manage the process. At the end of the day you still have to balance usability and security, or you end up with systems disconnected and locked up in a vault. -mmiller
Current thread:
- Epic fail from RedHat? Xavier Garcia (Nov 19)
- Epic fail from RedHat? Tim Mugherini (Nov 19)
- Epic fail from RedHat? Michael Miller (Nov 19)
- Epic fail from RedHat? Xavi Garcia (Nov 19)
- Epic fail from RedHat? Tim Mugherini (Nov 19)
- Epic fail from RedHat? Jason Jones (Nov 19)
- Epic fail from RedHat? Tim Mugherini (Nov 20)
- Epic fail from RedHat? Michael Miller (Nov 20)
- Epic fail from RedHat? Xavi Garcia (Nov 21)
- Epic fail from RedHat? Xavi Garcia (Nov 21)
- Epic fail from RedHat? Michael Miller (Nov 23)
- Epic fail from RedHat? Xavi Garcia (Nov 19)