On Sat, 4 Oct 2003, Matthias Saou wrote: > > seth said: > > My general take is that this no big deal - but there is the possibility > > for much abuse and much flexibility. Hard call between the two of them. > > Exactly my thought, and I'd have to add : > - Don't put any network includes at all, nor any includes to files users > other than root can modify, in a default package configuration of yum. I pretty much concur on each quoted point, as the initiator of the RFE. But ... a *nix environment is not to protect an admin from all possible exploits or even stupid coding or configuration errors -- The forged DNS scenario is trivial to implement for a determined malicious next-hop admin -- and a proper place for a trivial protection is the use of an external CA, and the SSL connection. Not by it gunking up yum, trying to tell an admin what not to do. It is the *nix way to fashion buildingblock tools to easy things trivial, and to make hard things more possible. I had no intention in making the RFE for it to be used in general unattended consumption. Just to make more possible, really interesting futures with yum config files. I don't consider the call hard at all. This RFE creates a doorway to a more capable future; it is up to admins to decide to open it. -- Russ Herrold
