On Fri, Jan 01, 1999 at 03:41:04PM -0500, Sam wrote:
> No, that's your answer right there. This proposed feature is not going to
> benefit anything else except Qmail. You do not stick features into system
> management tools unless there's a clear benefit that will profit at least
> a good fraction of the system that you are administering.
If djb was interested in defining a way to verify his binaries to the
extent that he felt it was safe and secure, then I don't see why that
couldn't be added in. It might take some effort (having not looked
through the rpm verification code, I don't know if it can define a
program to exec in the database to do verification... this could be a
nasty design problem). However, let's keep in mind that when this
strategy was suggested by sdb, no-one stepped up to solidify the
proposal, and djb has not made a peep about how he feels about this.
> > I'm not saying that. I'm saying that if the binary file editor will
> > break rpm --verify, then why not fork and extension of rpm which will
> > fix that? It's open source. It's allowed. That's the whole argument
> > behind open source.
>
> Well, go ahead and do it. But unless you get Red Hat to accept your
> additions, it will be a wasted effort.
Personally I don't like the idea because I haven't been presented with
a method of verfication that is any more secure then placing necessary
uid info in a file. So why go through the extra effort of forking
rpm, a package that is *very* widely deployed and supported (far more
widely then qmail - at least 100x more, maybe upwards of 1000x more),
and the only person who is causing any beef with it is djb?
-Peter
