Jim Perrin wrote: > but what exactly are the goals going to be? > Well, Here's one security goal I would like to see addressed: I'd like to protect only those parts of the yum.conf file that genuinely need protection. Currently, if you use a repository that requires passwords in the URLs, you have to make your entire yum.conf file readable only by root. I'd like to have yum.conf be world readable -- so that users can know where the software they run is coming from, but be able to include a small file (readable only by root) that sets some variables for use as repository passwords. I realize that there's more to this than just an include feature. There has to be some way in parsing the config file to set variables for later use. Right now (as I read the documentation -- I haven't looked at the source code) it is possible to *use* some particular named variables (such as $arch, $releasever, etc) with values extracted from the runtime environment, but not possible to *set* variables in the config file, and no provision for arbitrary variable names at all. Still, this should not be too hard to accomplish, given that there is code to recognize particular variable use already. What do you think? Rick PS -- Obviously, a generalized variables feature has other uses than just passwords. It's just that I have a need to use it for passwords.
