Proposal: Discourage rpmbuild --sign

Alan Cox alan at redhat.com
Thu Jan 1 01:25:11 UTC 2004


On Wed, Dec 31, 2003 at 12:01:37PM -1000, Warren Togami wrote:
> Rather than disable rpmbuild as root or rpmbuild --sign, it should
> 1) Big warning message with URL to learn more.
> 2) Delay for 30 seconds.
> 3) Perhaps have a hidden config option to disable the warning & delay 
> for users who want to hang themselves.  This option could be 
> '%stupidbehavior yes'.

For FC2 the whole "root" thing is irrelevant. Something like a default configuration
to not build as root might be a good idea for FC1 but that's the past (and I'd do it
that way - a default config which told you what option to override it).

Once SELinux is in the picture the rules change. You can set up the buildroot for
example with rules of the form

	Nothing but a trusted copy of rpm may alter the buildroot proper
	The building task in the buildroot may not alter anything outside its build tree
	The building task may not talk to the network
	The building task may not run the trusted copy of rpm
	The building task may not read anything outside the buildroot

etc

It's a whole new ball game. "root" is just a status symbol 8)
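As an added illustration (not part of the original post or of any shipped policy), the five rules above written as an SELinux type-enforcement fragment; every type name (rpm_t, rpm_build_t, buildroot_t, build_tree_t, rpm_exec_t, rpmbuild_exec_t) is hypothetical and the fragment assumes a surrounding base policy that supplies roles, file contexts and the toolchain's read access.

```selinux
# Hypothetical types: a trusted rpm domain, a confined scriptlet domain,
# the buildroot proper, the build tree, and the two executables involved.
type rpm_t;              # the trusted copy of rpm/rpmbuild
type rpm_build_t;        # the %build/%install scriptlets, confined
type buildroot_t;        # the buildroot proper (what gets packaged)
type build_tree_t;       # the build tree the scriptlets may scribble in
type rpm_exec_t;         # the rpm/rpmbuild binaries on disk
type rpmbuild_exec_t;    # entry point for the scriptlet (e.g. the shell)

# rpm_t spawns the scriptlet and the kernel transitions it into rpm_build_t
allow rpm_t rpmbuild_exec_t:file { read getattr execute };
allow rpm_build_t rpmbuild_exec_t:file entrypoint;
allow rpm_t rpm_build_t:process transition;
type_transition rpm_t rpmbuild_exec_t:process rpm_build_t;

# Positive grants: rpm_t owns the buildroot, rpm_build_t owns the build tree
allow rpm_t buildroot_t:dir { create read write search add_name remove_name rmdir getattr setattr };
allow rpm_t buildroot_t:file { create read write getattr setattr unlink link rename };
allow rpm_build_t build_tree_t:dir { create read write search add_name remove_name rmdir getattr setattr };
allow rpm_build_t build_tree_t:file { create read write execute getattr setattr unlink link rename };
allow rpm_build_t buildroot_t:dir { read search getattr };
allow rpm_build_t buildroot_t:file { read getattr };

# The five rules as compile-time assertions: checkpolicy refuses to build
# the policy if any allow rule elsewhere contradicts one of these.
# 1. Nothing but the trusted rpm may alter the buildroot proper
neverallow ~rpm_t buildroot_t:{ dir file lnk_file } { write create setattr unlink link rename };
# 2. The building task may not alter anything outside its build tree
neverallow rpm_build_t ~build_tree_t:{ dir file lnk_file } { write create setattr unlink link rename };
# 3. The building task may not talk to the network
neverallow rpm_build_t *:{ tcp_socket udp_socket rawip_socket } *;
# 4. The building task may not run the trusted copy of rpm
neverallow rpm_build_t rpm_exec_t:file { execute execute_no_trans };
# 5. The building task may not read anything outside the buildroot
#    (a real policy would widen this set to the compiler toolchain and
#    shared libraries the scriptlets need, via an attribute)
neverallow rpm_build_t ~{ buildroot_t build_tree_t rpmbuild_exec_t }:file read;
```

The neverallow lines are the useful part: they turn the design rules into assertions, so a later policy change that quietly grants the scriptlet domain network or buildroot write access fails at policy build time rather than at audit time.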
