On Tue, 2010-07-06 at 12:02 -0400, Benjamin M. Schwartz wrote: > I think you are missing an important requirement: installation without > elevated permissions.
XO and SoaS distributions are configured for sudo with no password. Rainbow has been bit-rotting for the past 2 years and nobody volunteered to work on it. The bottom line is that *nowadays*, any activity can escalate root privileges. Before someone screams in horror, consider this: the only valuable data on the laptop belongs to user "olpc". A non-privileged account can already effectively do anything that a spammer would like to do. Even in a Rainbow-enabled environment, privileged vs unprivileged installation isn't by itself the source of security issues. Packages could easily be checked to ensure that all bundled files are within a specific path, like we currently do with the zip files. Post-install scriptlets can be disabled. Even with these limitations, a native packaging system is still years ahead of us in terms of robustness and feature-completeness. > P.S. This cross-posting is getting ridiculous. Mikus keeps moving this thread to other lists because he won't subscribe to sugar-devel. (why?? ask him). -- // Bernie Innocenti - http://codewiz.org/ \X/ Sugar Labs - http://sugarlabs.org/ _______________________________________________ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
