On Thu, 2005-01-20 at 01:17 +0100, Ernst Herzberg wrote: > Soryy, i don't understand this discussion. What is the problem? basc can't > read /var/log/whatever, but need it to work, exept if the user who run basc > is the root user or member of the group portage. Right?
Actually, basc just needs *something* as a metric to base its units off, which currently is gcc via portage, but could be anything. > Which polices forbid basc to be a member of portage? The guy who install it, > has to be one of this kind of user. The security team shoul take a look on > the source of basc and sign it. This guys do it on every other packake, that > connect to other servers or accept connection from the outside. I'm right, > they do it? And basc is easy to understand, only source... no package depends > on basc, everybody can install it, if he want it do to, he only needs to be > root or maybe a member of the portage group. No policy forbids basc from being a member of the portage group. However, it should be able to run without being a member of the portage group easily, as everything that has been discussed has shown that basc does not *need* to access any logs from portage, but could instead generate its own unit in its own way, which is preferable to security-minded people and also to most of the Gentoo developers whom have commented. > Or i missing the point? Yes. The application has no need to be root or in group portage to function, so it shouldn't be required just to get a simple statistic that can be generated via other means and actually be more useful than using the portage logs. -- Chris Gianelloni Release Engineering - Operational/QA Manager Games - Developer Gentoo Linux
signature.asc
Description: This is a digitally signed message part
