[Fedora-livecd-list] Welcome Pilgrims, please don't take our land...
David Zeuthen
davidz at redhat.com
Fri Sep 22 19:23:07 UTC 2006
On Thu, 2006-09-21 at 20:57 -0700, Jane Dogalt wrote:
> Certainly your writing your own installer seperate from anaconda can
> give you a better feeling that tons of code isn't being run as root in
> a way that it wasn't really designed (well) from the ground up to do.
>
> But the other major thing is general security. If it wasn't code that
> you had written yourself, how comfortable would you feel trying to use
> your main workstation to generate a custom livecd (when it's churning
> away in root-mode for hour/s)?
Probably not very comfortable. Then again, we all run pretty security
sensitive code but normally that have been vetted by several OS vendors.
I rarely run random code as root that some dude sends to a mailing list
without reading it through. Btw, I expect people to do the same.. at
this point pilgrim is just that - random (ok, not exactly random, we use
it for OLPC) code being sent by a dude (the fact I work for Red Hat may
wrongly lead people to trust me more; it really shouldn't) on a mailing
list.
But I think it's doable to actually review the pilgrim code because it's
pretty simple and somewhat linear to read.
> If my project is successful, I forsee people feeling much more
> comfortable doing a -
>
> (as root) yum install vsys (or local per user root-less install)
> (as user) vsys generate liveiso \
> --config=mediacenter_appliance.xml \
> --addpackages=myfavoriteeditor,meld \
> mylivedvd.iso
Yea. Using some kind of container (qemu, xen, whatever) / jail (e.g.
chroot) is probably a good idea. I don't see that being hard to add to
pilgrim, though, the container approach raises an interesting Chinese
Box paradox: how do you build the container in the first place? :-)
David
More information about the livecd
mailing list