> > since i certainly trust the project, and DOS' contributions, should i
> > simply mod my cron jobs to,
> >
> > sa-update --allowplugins --channelfile .../DIST-channels.conf
> > sa-update --allowplugins --channelfile .../SARE-channels.conf
>
> my understanding of Theo's comments is no you shouldn't do that. My
> understanding of what he said was that none of the standard or SARE
> channels update plugins this way.
>
> From a security point of view you should not enable this by default, by
> doing that you would be leaving a wide open security hole, which could
> get compromised in the future.
>
> This switch is there for the rare occasion where you decide to allow a
> channel to update a plugin automatically. This is something you would
> do only after reviewing that channel.
Yep -- I can't see any standard channel needing to use it. Typically
if someone was to publish a channel that requires a certain custom
plugin, they would indicate that in the channel's documentation...
all clear, now, thanks!
still, would be nice to be able to verify -- using cmd line option --
what, if anyhting, the channel sa-update DID, in fact, 'send over'.
namely, did/does it install a plugin, in addition to any rules, even
IF disabled ...
thanks.
