Xavi,

> It will be a great solution but only if they develop a system that is robust
> and well documented. Reading their mailing list I think that only few guys know
> exactly how it works, there is not enough documentation (a FAQ page and some
> blogposts) and the commands/options are changing release after release.

I agree the documentation is nonexistent and needs to be produced before you stick it into Fedora or any other distribution. That is a failure on Fedora's part as well as the developers of packagekit.

> Of course, I have my own repositories in my SAN. Perhaps I didn't express my
> point of view as I should. The point here is that mirroring their repository is
> not enough, now. If I follow their default policy, I have to create a custom
> repository, only with the packages that I really need and it requires time and
> tests, because will have broken dependencies, libraries, etc.

That is very true. You do run into issues like that when you don't do a lot of testing. You push out whatever gets dumped into the mirror sites. It all boils down to what your administration style is and what policies you have to work with.

> I do not know exactly how this installation system works. Perhaps I can
> create a policy somehow and define the packages that can and can't be
> installed, but this adds complexity in the system and it is dangerous. I believe
> that least privilege is key to secure a system. I am sure that many people in
> this list are able to find ways to break this system, because complexity means
> mistakes and mistakes mean compromise.

Complexity is dangerous but how much complexity is built into the package management tools rpm/yum/up2date etc.? You still have to be root or use sudo (as a user with the least privileges) to run package management tools. I still believe (and it's the point I was going for) that if you can have an audit trail and monitor what the users are doing and manage the process. At the end of the day you still have to balance usability and security, or you end up with systems disconnected and locked up in a vault.

-mmiller

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
