RPM roadmapping

Horst H. von Brand vonbrand at inf.utfsm.cl
Mon Jul 30 14:21:34 UTC 2007

n0dalus <n0dalus+redhat at gmail.com> wrote:
> On 7/30/07, Gilboa Davara <gilboad at gmail.com> wrote:
> >
> > /+1. Wget is a sound option.


> Maybe instead of removing the features, they could be left in, but
> when an external program or library that does the job better is
> installed, rpm detects it at runtime and uses it instead.

Sort of. Better if you ask for http://...rpm, and wget/curl/... aren't
there, just error out.

> This way there is the best of both worlds:
> - Basic support for x (eg, http) is provided in rpm, allowing you to
> use x before a more complete implementation is installed.

No need, as the downloading when installing can be handled by external
tools (our you are installing from CD/DVD/local disk

> - The code for x can be simplified, since it should no longer be
> necessary to build in a full x implementation and handle corner cases.

And the security problems stay... for exploiting on partially installed
systems (i.e., the most vulnerable). Plus "Why should I install <foo>
just to use URLs with rpm, they work fine without it"... and you are
back at square one.
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                    Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria             +56 32 2654239
Casilla 110-V, Valparaiso, Chile               Fax:  +56 32 2797513

More information about the fedora-devel-list mailing list