On Wed, 16 Jan 2013, Shad L. Lords wrote:

> On Wed, Jan 16, 2013 at 10:35 AM, Charlie Brady wrote:
>
> > Because Shad is very busy, and also because he prefers instant messaging
> > and Skype, and I choose not to use those media, it's hard to get his
> > attention to discuss development processes via email. I strike while the
> > iron is hot.
>
> And I appreciate it when we engage in these discussions. It opens things
> up and helps clarify things on both sides I think.
...
> This isn't point scoring. This is how developers communicate :-)

I know, but I was trying to explain to John.

> Let's look at the risks of rebuilding the installer. Parts have to be run
> as root.

Only if you do a full installer rebuild, the way that RH/Fedora do. We don't need to do that, since we are changing only very limited parts of the install image. We don't need to re-do what CentOS has done to assemble all the files included in the .img files from a large collection of rpms - we just need to replace a few files, mostly from anaconda.

> There is only one part of the build process that is run as sudo. This is
> the /usr/lib/anaconda-runtime/buildinstall script.

... which is, and always has been, horrible.

> If you see a place where things can be made tighter or a place that was
> missed in protecting things please let me know and I (we) can look at
> making the ISO/installer build process more secure.

If you are prepared to re-engineer the process, it can be run as non-root, without sudo. unsquashfs, cpio, mksquashfs and cp in a shell script is pretty much all it takes. Let's take details off-line or into bugzilla if you think it's worth changing. As indicated, I don't believe that you can fully secure anaconda buildinstall.

---
Charlie