[Server-devel] rpm installation via customization stick

Martin Langhoff martin.langhoff at gmail.com
Tue May 17 12:46:22 EDT 2011


On Tue, May 10, 2011 at 3:29 PM, Chris Ball <cjb at laptop.org> wrote:
> I think it's still more complicated than that.

Agreed. I would say two things

 - Currently rpm-based installations are prone to problems with
powerloss (stay tuned for btrfs, and cjb's work on it...). If you go
this way, and you have a large number of laptops, probabilities turn
into number of real laptops affected. If you accept that, then...

 - A secure laptop should only execute or install stuff signed by its
admin team - rpms listed in a manifest signed with its OATS keys for
example. (If you are going to go that route -- signed scripts and
lists of rpms, Puppet is you friend - yes, even for the XOs
themselves.)

cheers,


m
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- Software Architect - OLPC
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff


More information about the Server-devel mailing list