On Thursday 23 December 2004 00:43, Toshio Kuratomi wrote: > If you have set up root to do something nonstandard like running > python in optimized byte comilation mode is the onus also on you to > create the pyos so you can create tripwire hashes? (Or set /usr ro > or [untested] an SELinux context to keep pyo's from being written?) rpmlint comes to mind as "something nonstandard". If you so happen to run it has root, of course. To truly be FHS-compliant, yes, the burden is on an integrator or user to keep Python from writing to /usr. From FHS v2.3: """ /usr is the second major section of the filesystem. /usr is shareable, read-only data. That means that /usr should be shareable between various FHS-compliant hosts and must not be written to. Any information that is host-specific or varies with time is stored elsewhere. """ Technically pyo, when auto-generated by Python during execution, should be written under /var. One could then create a system to allow user-executed pythons to generate pyo for each other based on group permissions. This would be especially cool if pyo actually provided a significant optimization besides a minor startup boost. Since Python is cross-platform, moving things around like that would be too platform specific and most likely rejected. Interestingly enough a related RFE was filed a few years back: http://sourceforge.net/tracker/index.php?func=detail&aid=588756&group_id=5470&atid=355470 So, to %ghost or not to %ghost, that is the question! -- -jeff
