| 1 |
On Monday 08 September 2003 04:08, Jan Krueger wrote: |
| 2 |
> |
| 3 |
> Thats true for many open-source project. Some of them just try to get |
| 4 |
> organized more efficiently and succeed in doing so. |
| 5 |
> So, maybe there is a more appropriate organization model for gentoo? |
| 6 |
|
| 7 |
As one of the people responsible for the gentoo orginisation I can say that we |
| 8 |
are working on reorganizing gentoo. But gentoo as an organisation with over |
| 9 |
150 developers and even more contributors is not exactly like a speedboat |
| 10 |
that can make sharp turns. It is more like an ocean liner that needs a long |
| 11 |
time to make a turn. Changes will be comming, and we try to implement them as |
| 12 |
fast as possible, but we are talking about changing mindsets and operation of |
| 13 |
people. Such things take time, lots of time. Further most people involved |
| 14 |
with gentoo are doing this voluntarilly. We cannot put all our available time |
| 15 |
into gentoo. We have jobs and other responsibilities too. |
| 16 |
|
| 17 |
> |
| 18 |
> I say: |
| 19 |
> portage must respect my system inegrity! |
| 20 |
|
| 21 |
There is no 100% safe way for system integrity. The sandbox certainly is not a |
| 22 |
perfect solution. One could use staticly compiled binaries to circumvent them |
| 23 |
or mounts or whatever. If a package wants to do evil portage cannot stop it |
| 24 |
at all. Nor does it aim to, or should it aim to. For those systems that have |
| 25 |
that much security concerns one musth use quaranteening and things like |
| 26 |
selinux or the like together with something like tripwire. Those technologies |
| 27 |
are much better suited to the job than portage which would become |
| 28 |
unmaintainable if it would need to include many tricks and workarounds for |
| 29 |
specific hacks (as there is no universal way to block attacks) |
| 30 |
|
| 31 |
> |
| 32 |
> > So we should never be able to tweak config files et al in an ebuild? |
| 33 |
> |
| 34 |
> an ebuild may freely modify its own config files. |
| 35 |
> modification of config files not belonging to the ebuild should be done via |
| 36 |
> an already suggested, secure abstraction, lets say a function like: |
| 37 |
> changeconf phph.ini "line to add to phpini" |
| 38 |
> portage could then intercept, respecting the suggested CONFIG_EXCLUDE or |
| 39 |
> other user settings, or, if no user setting is the way, go to apply the |
| 40 |
> change. This way it would be impossible for the ebuild to wipe php.ini. |
| 41 |
> Also the user, via CONFIG_EXCLUDE, may completely switch of editing of |
| 42 |
> php.ini by ebuilds. On the other hand, if the user doesnt care, the ebuild |
| 43 |
> is free to add this line to php.ini. |
| 44 |
> |
| 45 |
|
| 46 |
What in those cases where not updating a configuration file (esp. one that is |
| 47 |
not supposed to be edited by humans at all) would result in a bug, or even |
| 48 |
worse a security issue. Yes, I believe that that could happen. |
| 49 |
|
| 50 |
Paul |
| 51 |
|
| 52 |
-- |
| 53 |
Paul de Vrieze |
| 54 |
Gentoo Developer |
| 55 |
Mail: pauldv@g.o |
| 56 |
Homepage: http://www.devrieze.net |
Archives