yum+mach2 for fedora-development tree pseudo-release

Thomas Vander Stichele thomas at apestaart.org
Fri Mar 4 14:21:19 UTC 2005


Hi,

> You mean "hack mach to make it work with yum" as in "import yum..." kind 
> of thing? If so, I think that's a far better approach than invoking it 
> through the command line with all the overhead of re-re-re-reading in metadata 
> etc - it'd not only improve speed but give far more control over things. 
> Regardless of that, supporting virtual provides in 'yum install' would be 
> a nice little addition to yum anyway.

There's a big conceptual problem with that approach that I still don't
have a satisfying answer for.

Mach is meant to be run as user - I know way too little about security
to be trusted to write perfectly safe Python code.  That's the biggest
reason why mach-helper exists, and people tell me that this is indeed
the smartest route to take.  Of course it'd be easier for me as a
programmer to just do everything in Python.  But if we did, then we'd
need a good way of gaining and then dropping privileges for these
operations, and I'd still feel very insecure about having written
something potentially very harmful.

I've looked for other projects that have similar security issues, but
haven't found any of them tackling this particular problem.
Suggestions?

Thomas


Dave/Dina : future TV today ! - http://www.davedina.org/
<-*- thomas (dot) apestaart (dot) org -*->
I will play you like a shark
And I'll clutch at your heart
I'll come flying like a spark
To enflame you
<-*- thomas (at) apestaart (dot) org -*->
URGent, best radio on the net - 24/7 ! - http://urgent.fm/
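
An added example, not part of the original message and not code from mach, mach-helper or yum: one way a Python process that starts as root can give up privileges permanently and fail closed if the drop is incomplete, which is the "gaining and then dropping privileges" step the message worries about. The names `drop_privileges`, `PrivilegeDropError` and the `osmod` parameter are hypothetical, and the uid/gid 65534 is an assumed unprivileged account.

```python
import os


class PrivilegeDropError(RuntimeError):
    """Raised when the process may still hold root after the drop."""


def drop_privileges(uid, gid, osmod=os):
    """Permanently switch a root process to uid/gid, failing closed.

    osmod is a hypothetical injection point so the call order can be
    exercised without root; in real use it is the os module.
    """
    if uid == 0 or gid == 0:
        raise PrivilegeDropError("target uid/gid must not be root")
    if osmod.geteuid() != 0:
        raise PrivilegeDropError("not running as root, nothing to drop")
    # Order matters: supplementary groups and gid can only be changed
    # while the process is still root, so the uid goes last.
    osmod.setgroups([])
    osmod.setresgid(gid, gid, gid)
    # setresuid sets real, effective and saved ids; seteuid alone would
    # leave a saved uid of 0 that can be restored later.
    osmod.setresuid(uid, uid, uid)
    # Check the resulting ids instead of trusting the calls.
    if osmod.getresuid() != (uid, uid, uid):
        raise PrivilegeDropError("uids not set as requested")
    if osmod.getresgid() != (gid, gid, gid):
        raise PrivilegeDropError("gids not set as requested")
    if osmod.getgroups() not in ([], [gid]):
        raise PrivilegeDropError("supplementary groups still present")
    # Prove the drop is irreversible: regaining root must be refused.
    try:
        osmod.setuid(0)
    except OSError:
        return  # expected: the kernel said no
    raise PrivilegeDropError("regained root after drop")


if __name__ == "__main__":
    # Constructed usage: do the privileged step first, then drop.
    if os.geteuid() == 0:
        drop_privileges(65534, 65534)  # assumed "nobody" account
        print("now running as", os.getresuid())
    else:
        print("not root; nothing to demonstrate")
```

Everything that runs before the drop still executes as root, so this narrows the window but does not replace a small separate helper.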






More information about the Fedora-buildsys-list mailing list