On Mon, 30 Jul 2007, Gilboa Davara wrote:
On Sat, 2007-07-28 at 16:14 -0500, Arthur Pemberton wrote:
On 7/28/07, seth vidal <skvidal@xxxxxxxxxxxxxx> wrote:
On Sat, 2007-07-28 at 14:53 +0000, Kevin Kofler wrote:
Panu Matilainen <pmatilai <at> redhat.com> writes:
- RPM is not an ftp/http client, it's a package manager.
Am I the only one who things that being able to rpm -Uvh http://....rpm is a
nice feature?
it's not an issue of it being a nice feature - it is an issue of whether
it is a good idea to maintain the code. Keep in mind - rpm has its own
http/ftp client included. It's not using curl or wget. All its own code.
That seems a bit much to maintain esp when the majority of people using
rpm do it through a higher level language that already has a http/ftp
client.
the best way to make rpm reliable and consistent is to strip out all
things that are unnecessary.
-sv
I would imagine this opens RPM up to remote attacks too.
I second the above.
Running HTTP/FTP client as root is -not- a god idea.
Yet that's how all our depsolvers and the associated tools work...
- Panu -
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
