On Thu, 2009-11-19 at 08:48 -0800, Jesse Keating wrote: > On Thu, 2009-11-19 at 09:14 -0500, Owen Taylor wrote: > > It doesn't work practically: configuration for packages needs to live > > with the package. Putting gigantic amounts of configuration into the > > %post of a kickstart file quickly becomes unmanageable. And the idea > > that we make configuration changes in the %post of the kickstart really > > falls part badly once people start upgrading their install to the next > > version of Fedora. > Which is why you do it with specifically selected policy packages, and > not trying to write out files in %post. Create a set of policy packages > that define certain user cases, and pick from those as you construct a > spin. I can't resist pointing out the irony that the currently-under-discussion issue would precisely allow an unprivileged user to torpedo such a system of enforcement, if we were using one already =) -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
