Horst H. von Brand
vonbrand at inf.utfsm.cl
Mon Jul 30 14:21:34 UTC 2007
n0dalus <n0dalus+redhat at gmail.com> wrote:
> On 7/30/07, Gilboa Davara <gilboad at gmail.com> wrote:
> > /+1. Wget is a sound option.
> Maybe instead of removing the features, they could be left in, but
> when an external program or library that does the job better is
> installed, rpm detects it at runtime and uses it instead.
Sort of. Better if you ask for http://...rpm, and wget/curl/... aren't
there, just error out.
> This way there is the best of both worlds:
> - Basic support for x (eg, http) is provided in rpm, allowing you to
> use x before a more complete implementation is installed.
No need, as the downloading when installing can be handled by external
tools (our you are installing from CD/DVD/local disk
> - The code for x can be simplified, since it should no longer be
> necessary to build in a full x implementation and handle corner cases.
And the security problems stay... for exploiting on partially installed
systems (i.e., the most vulnerable). Plus "Why should I install <foo>
just to use URLs with rpm, they work fine without it"... and you are
back at square one.
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria +56 32 2654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 2797513
More information about the fedora-devel-list