1 |
On Monday 08 September 2003 04:08, Jan Krueger wrote: |
2 |
> |
3 |
> Thats true for many open-source project. Some of them just try to get |
4 |
> organized more efficiently and succeed in doing so. |
5 |
> So, maybe there is a more appropriate organization model for gentoo? |
6 |
|
7 |
As one of the people responsible for the gentoo orginisation I can say that we |
8 |
are working on reorganizing gentoo. But gentoo as an organisation with over |
9 |
150 developers and even more contributors is not exactly like a speedboat |
10 |
that can make sharp turns. It is more like an ocean liner that needs a long |
11 |
time to make a turn. Changes will be comming, and we try to implement them as |
12 |
fast as possible, but we are talking about changing mindsets and operation of |
13 |
people. Such things take time, lots of time. Further most people involved |
14 |
with gentoo are doing this voluntarilly. We cannot put all our available time |
15 |
into gentoo. We have jobs and other responsibilities too. |
16 |
|
17 |
> |
18 |
> I say: |
19 |
> portage must respect my system inegrity! |
20 |
|
21 |
There is no 100% safe way for system integrity. The sandbox certainly is not a |
22 |
perfect solution. One could use staticly compiled binaries to circumvent them |
23 |
or mounts or whatever. If a package wants to do evil portage cannot stop it |
24 |
at all. Nor does it aim to, or should it aim to. For those systems that have |
25 |
that much security concerns one musth use quaranteening and things like |
26 |
selinux or the like together with something like tripwire. Those technologies |
27 |
are much better suited to the job than portage which would become |
28 |
unmaintainable if it would need to include many tricks and workarounds for |
29 |
specific hacks (as there is no universal way to block attacks) |
30 |
|
31 |
> |
32 |
> > So we should never be able to tweak config files et al in an ebuild? |
33 |
> |
34 |
> an ebuild may freely modify its own config files. |
35 |
> modification of config files not belonging to the ebuild should be done via |
36 |
> an already suggested, secure abstraction, lets say a function like: |
37 |
> changeconf phph.ini "line to add to phpini" |
38 |
> portage could then intercept, respecting the suggested CONFIG_EXCLUDE or |
39 |
> other user settings, or, if no user setting is the way, go to apply the |
40 |
> change. This way it would be impossible for the ebuild to wipe php.ini. |
41 |
> Also the user, via CONFIG_EXCLUDE, may completely switch of editing of |
42 |
> php.ini by ebuilds. On the other hand, if the user doesnt care, the ebuild |
43 |
> is free to add this line to php.ini. |
44 |
> |
45 |
|
46 |
What in those cases where not updating a configuration file (esp. one that is |
47 |
not supposed to be edited by humans at all) would result in a bug, or even |
48 |
worse a security issue. Yes, I believe that that could happen. |
49 |
|
50 |
Paul |
51 |
|
52 |
-- |
53 |
Paul de Vrieze |
54 |
Gentoo Developer |
55 |
Mail: pauldv@g.o |
56 |
Homepage: http://www.devrieze.net |