[PATCH] Install customization packages left for us by a USB key.

Michael Stone michael at laptop.org
Tue Jul 1 11:36:20 EDT 2008

On Tue, Jul 01, 2008 at 08:05:46AM -0400, C. Scott Ananian wrote:
> > 3. Why do we care whether there's a devkey? We would actually be better
> >   off checking that all the RPMs we're installing are owned by uid 0,
> >   this being the exact privilege that we're attempting to safeguard.
> because we're also trying to enforce P_SF_RUN and a whole bunch of
> other random things; all of which everyone seems to agree can be
> subsumed under "you're a developer, you can shoot yourself in the foot
> if you want to".

And, as you will observe here


in my opinion, the cheapest way to implement P_SF_CORE + P_SF_RUN is by
turning the root password into a developer key, then by applying a CoW
layer such as we recently discussed.

> The loosey-goosey "but this is highly likely to break when you upgrade
> between major releases" objection, for instance, is answered by the
> foot-shooting permission.

It's also answered by the fact that RPM checks dependencies, no?


More information about the Devel mailing list