[Bug 238366] Review Request: autodownloader - GUI-tool to automate the download of certain files
bugzilla at redhat.com
bugzilla at redhat.com
Mon Apr 30 20:12:24 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: autodownloader - GUI-tool to automate the download of certain files
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238366
------- Additional Comments From dev at nigelj.com 2007-04-30 16:12 EST -------
(In reply to comment #5)
> (In reply to comment #4)
> > Also, I'm tempted to suggest that before inclusion, a database of downloaded
> > files may need to be created, (also meaning that programs that have downloaded
> > files, should ALWAYS require autodownloader) with a %preun to remove downloaded
> > files (remembering that you wouldn't be able to remove autodownloader without
> > removing dependencies that require the files first). This prevents
> > unneeded/unwanted files been left behind after uninstall.
> >
>
> Interesting point, but autodownloader is not suid anything, and thus cannnot
> write to such a global log file. It was designed to run as a normal user and
> download files to dirs under the users $HOME. Yes this has a few downsides, but
> from a security POV, this really is the best solution IMHO.
Okay in that case, it's like firefox and it's profile directories, they exist in
/home so they are the users responsibility to maintain. It also means that a
database of downloaded files to /home directories are a 'bad thing' as home
directory names have susceptible to change.
>
> We might need to take another look at this (adding a suid helper written in C)
> which can install files under /usr if autodownloader becomes popular and is used
> to download big(ger) files.
Agreed, files in /usr need to have something taking responsibility for them,
normally the package manager, but a %preun for something like this would be just
as fine.
I'm happy to continue with the review.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the package-review
mailing list