seth vidal wrote: > The reason torrents work is b/c people leave their downloaders running. > People implicitly do not want to leave their downloader running in this > case. They want to udpate and get along with life. Yum continue with its work as soon as the *download* is complete, just like HTTP. The client uploaded runs in the background trying to maintain the health of the swarm. >>3 Doesn't seem like a terrible issue to me. AFAICT Bittorrent has yet >>to have a security problem identified in three years of the project >>running - not a bad record. I'm not as sure of Yum's history, but I >>imagine it is good as well. Clearly an audit of the two trees is a >>good idea - fortunately this is a rather active group! > > > Bittorrent hasn't had any security problems but bittorrent should not > ever run as root. Yum has no choice but to run as root. Amen. This is still a beta system. The client and server managers already do not run as root, but right now the downloader spawned from yum does, albeit for a short period of time. We plan to fix this. Nothing but the very minimum will run as root. Thanks for your comments everyone! Thanks, Jarret Raim
