Fedora's way forward
Naheem Zaffar
naheemzaffar at gmail.com
Sun Apr 2 02:45:19 UTC 2006
and that could be very very dangerous... a single web browser flaw could
open up the full system to attack...
...Imagine visiting a page that installs a repository, and then subsequently
replaces core packages with compromised ones? (there are a couple of
security hurdles such as root password... but never rely on the user to
easily make the corrent judgement...)
All that should be needed is for a way to get pirut to get a repo file
(disabled by default... and clear to the user with a message: 'repo foo
added. go to repo's to activate')
and then after that, the normal package install method
(commandline/pirut/yumex/other) to actually install the files.
Its not too far off the current method though... as current the repo files
are distributed in rpm files. pirut installs the rpm file which adds the
repo. then the normal method is used to add files... so not too much to do
really...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/devel/attachments/20060402/595aec8d/attachment-0002.html
More information about the devel
mailing list