On Sun, 2013-04-07 at 14:07 +0200, Peter Meier wrote: > > I think that this should be done without modifying the > > Puppet::Node class/object and instead we just inject this one top > > level variable in the compiler. > > And we need to ensure, that it can't be overwritten by any client > sending a fact called trust. But I think that's quite obvious ;)
I like the overall idea being discussed, but perhaps another / additional approach would be to put facts in their own variable too. Instead of $::operatingsystem You have $::fact['operatingsystem'] It would be easy to provide backwards compatibility (just expose both names) and also easy to provide a configuration option for a transitional period. Then it would be simple for people to remember: if you are grabbing data from $::fact, treat it as untrusted. Just a thought... Sean -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-dev?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
