Shawn,
> There are several things I'd like to point out:
>
> * The application/pkg/server service is disabled by default, an
> administrator has to enable it explicitly; that suggests that
> they've read the documentation and are aware and intend that
> publication access is enabled. Changing the default for readonly
> is fine, although again, this doesn't resolve the administrator
> of their responsibilities.
indeed, but this can only happen if they are fully aware of the
consequences. I still claim that documentation for this is lacking,
especially since the problem has been known from the start.
> * Like any service that an administrator might enable, it is important
> for them to properly configure the service to fit their needs. Yes,
> documentation is always helpful, no one has denied that. I had
> already mentioned we had several RFEs open to expand the existing
> documentation or add new documentation.
Great, act on that. I hope you see that the risk of not doing so is
immense.
> * Existing packages cannot be modified; period; the depot server does
> not provide any functionality to do so. Yes, you could possibly
> publish new packages, but there's no way to modify any existing
> ones.
I'm not talking about modifying existing ones, but you can publish newer
versions of existing ones, even if the only differ by timestamp. That's
what I have done during my development/refinement of the zflash
service. An in doing so, you can add whatever SMF service manifest and
service method you like, which will be run as root (or whatever you
specify in the manifest).
> * When package signing is implemented, even if you could somehow
> publish a new package to a repository, clients would reject it
> since it wasn't properly signed.
I've been hoping for this for a long time: SVr4 packaging gained this
ability quite some time ago, so IPS is regressing in this crucial
regard.
Rainer
--
-----------------------------------------------------------------------------
Rainer Orth, Center for Biotechnology, Bielefeld University
_______________________________________________
caiman-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss
