On Tue, Jul 01, 2008 at 08:05:46AM -0400, C. Scott Ananian wrote:
> > 3. Why do we care whether there's a devkey? We would actually be better
> > off checking that all the RPMs we're installing are owned by uid 0,
> > this being the exact privilege that we're attempting to safeguard.
>
> because we're also trying to enforce P_SF_RUN and a whole bunch of
> other random things; all of which everyone seems to agree can be
> subsumed under "you're a developer, you can shoot yourself in the foot
> if you want to".

And, as you will observe here

  http://dev.laptop.org/git?p=security;a=blob;f=rainbow.txt;hb=HEAD#l101

in my opinion, the cheapest way to implement P_SF_CORE + P_SF_RUN is by
turning the root password into a developer key, then by applying a CoW
layer such as we recently discussed.

> The loosey-goosey "but this is highly likely to break when you upgrade
> between major releases" objection, for instance, is answered by the
> foot-shooting permission.

It's also answered by the fact that RPM checks dependencies, no?

Michael
_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel