PaulDotCom mailing list archives

Epic fail from RedHat?


From: mike.mikemiller at gmail.com (Michael Miller)
Date: Mon, 23 Nov 2009 13:45:46 -0800

Xavi,

It will be a great solution but only if they develop a system that is robust
and well documented. Reading their mailing list I think that only a few guys
know exactly how it works, there is not enough documentation (a FAQ page and
some blogposts) and the commands/options are changing release after release.

I agree the documentation is nonexistent and needs to be produced
before you stick it into Fedora or any other distribution.  That is a
failure on Fedora's part as well as the developers of packagekit.


Of course, I have my own repositories in my SAN. Perhaps I didn't express my
point of view as I should. The point here is that mirroring their repository
is not enough, now. If I follow their default policy, I have to create a
custom repository, only with the packages that I really need and it requires
time and tests, because it will have broken dependencies, libraries, etc.

That is very true.  You do run into issues like that when you don't do
a lot of testing. You push out whatever gets dumped into the mirror
sites.  It all boils down to what your administration style is and
what policies you have to work with.


I do not know exactly how this installation system works. Perhaps I can
create a policy somehow and define the packages that can and can't be
installed, but this adds complexity in the system and it is dangerous. I
believe that least privilege is key to secure a system. I am sure that many
people in this list are able to find ways to break this system, because
complexity means mistakes and mistakes mean compromise.

Complexity is dangerous but how much complexity is built into the
package management tools rpm/yum/up2date etc.?
You still have to be root or use sudo (as a user with the least
privileges) to run package management tools.  I still believe (and
it's the point I was going for) that if you can have an audit trail
and monitor what the users are doing and manage the process.  At the
end of the day you still have to balance usability and security, or
you end up with systems disconnected and locked up in a vault.

-mmiller

