On 2017-06-27 21:02:21, Jens Korte wrote:
> On Tue, 27 Jun 2017 14:35:09 -0400
> Antoine Beaupré <[email protected]> wrote:
>
>> On 2017-06-27 21:17:33, Apollon Oikonomopoulos wrote:
>> > On 20:08 Tue 27 Jun , Guido Günther wrote:
>> >> That sounds good to me especially if it's possible to toggle this so
>> >> one
>> >> can e.g. first update all clients then disable accepting YAML on the
>> >> server.
>> >
>> > My thoughts exactly, it will be great if there's a configuration option
>> > for turning off YAML.
>>
>> Unfortunately, this is completely hardcoded in the source code, even in
>> newer releases. I would think it unwise to allow such a configuration in
>> wheezy since it would be ignored in later release.
>
> How about introducing a second package that provides the same as puppet but
> without YAML? It would not break the configuration later on and people can
> choose to install the old package with higher security.
That would be more inconvenient than fixing the actual YAML issue. It
would also break upgrades.
I would not support such a solution.
A.
--
Le péché est né avant la vertu, comme le moteur avant le frein.
- Jean-Paul Sartre
