[PATCH] Install customization packages left for us by a USB key.
C. Scott Ananian
cscott at laptop.org
Tue Jul 1 11:44:52 EDT 2008
On Tue, Jul 1, 2008 at 11:36 AM, Michael Stone <michael at laptop.org> wrote:
> http://dev.laptop.org/git?p=security;a=blob;f=rainbow.txt;hb=HEAD#l101
>
> in my opinion, the cheapest way to implement P_SF_CORE + P_SF_RUN is by
> turning the root password into a developer key, then by applying a CoW
> layer such as we recently discussed.
Right, we'll revisit this when all that is in place. In particular,
that means locking down sudo (and things which use it, like
sugar-control-panel) far more than we do currently.
>> The loosey-goosey "but this is highly likely to break when you upgrade
>> between major releases" objection, for instance, is answered by the
>> foot-shooting permission.
>
> It's also answered by the fact that RPM checks dependencies, no?
Only if you assume that (a) nothing in the RPM set is going to be
considered 'critical', and (b) all RPMs are well-behaved. I don't
think we can enforce either.
--scott
--
( http://cscott.net/ )
More information about the Devel
mailing list