On Fri, 2005-07-22 at 13:51 -0400, Jeff Spaleta wrote: > On 7/22/05, Karsten Wade <kwade@xxxxxxxxxx> wrote: > > Instead of a package, could repos make their details available via RSS > > feeds? You would past an RSS URL into the GUI tool and it would pull > > down the latest details. > > Ugh.. horrid. You are asking a gui that has to be run by root to > scrape configs out of an rss feed. Can you even provide a signed > payload that way? Seems to me you are just re-inventing the wheel > here. Just pull down a package and install it. Advertising "package > links" via rss feeds is a good idea... but encoding the actual configs > into an rss feed is not a good way to do this. At the end of the > day.. you are installing config files that really should be managed by > the rpm system just like what the fedora-release package does right > now in Core....which means installing updates via a package. We do it > for fedora-release, we should encourage 3rd parties to use the same > mechanism. rpm -V is a good thing.. lets not invent something that > shortcircuits the ability to verify that the configs you have are > really the configs you are expected to have. Sure, that makes sense. I was just looking for something that was better than "type it in by hand". A feed would be moderately better at this. But, yeah, it sucks for security. I didn't think the idea through for all implications. > > something, they wouldn't have to roll and release a new package. The > > GUI could check for repo updates daily, weekly, whatever. > > Yeah we could provide all of files from all packages via an rss feed > instead of via rpms. > I'm really not seeing the advantage of providing a new mechanism to > drop configs into a system. Can't people just advertise links to rpms > in the rss feed and have the gui scrape for packages to install? I feel end users might be confused by the idea of installing and updating a package in order to have the latest information on where packages are. But that is probably small minded of me. :) Otherwise, your shoot down of my idea is correct -- the security would be horrid and a reinvention. :) It might help to make fedora-announce-list available as an RSS feed, then ask repo packagers to advertise their updates there. - Karsten -- Karsten Wade, RHCE * Sr. Tech Writer * http://people.redhat.com/kwade/ gpg fingerprint: 2680 DBFD D968 3141 0115 5F1B D992 0E06 AD0E 0C41 Red Hat SELinux Guide http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/
Attachment:
signature.asc
Description: This is a digitally signed message part
-- Fedora-marketing-list mailing list Fedora-marketing-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-marketing-list
