[Server-devel] rpm installation via customization stick
Martin Langhoff
martin.langhoff at gmail.com
Tue May 17 12:46:22 EDT 2011
On Tue, May 10, 2011 at 3:29 PM, Chris Ball <cjb at laptop.org> wrote:
> I think it's still more complicated than that.
Agreed. I would say two things
- Currently rpm-based installations are prone to problems with
powerloss (stay tuned for btrfs, and cjb's work on it...). If you go
this way, and you have a large number of laptops, probabilities turn
into number of real laptops affected. If you accept that, then...
- A secure laptop should only execute or install stuff signed by its
admin team - rpms listed in a manifest signed with its OATS keys for
example. (If you are going to go that route -- signed scripts and
lists of rpms, Puppet is you friend - yes, even for the XOs
themselves.)
cheers,
m
--
martin.langhoff at gmail.com
martin at laptop.org -- Software Architect - OLPC
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
More information about the Server-devel
mailing list