[packagekit] ServicePack: The magic file

Richard Hughes hughsient at gmail.com
Fri Mar 28 03:07:27 PDT 2008


On Thu, 2008-03-27 at 23:38 -0400, David Zeuthen wrote:
>  - Security: I'm not sure you should be adding repositories without
> the user's consent.

Well, I think adding disabled repositories is fine - they are going to
be ignored until the user trusts the media is valid, and the session
enables the repo.

> Implementation-wise this is even simpler. You don't need to pollute the
> main daemon with extra code or dependencies.

I see two issues with the session only solution:

* How do we Lock() the CDROM drive to stop the user pressing eject or
unmounting the volume? We would lose the lock anytime we do a fast user
switch.

* Even if we catch the ::unmount signal in the session from gvfs, the
repo still is added and enabled. If we shut down after doing an install
from the media, then remove the disk when there is no power, then the
repo is still valid. When we reboot, the backend is going to complain
loudly that it can't find /media/disk/Fedora/Updates/metadata.xml

> Finally. I don't mean to flame but there are already enough bugs in
> PackageKit and the functionality you're trying to add makes it even
> less transparent what's going on. It is hardly the time to add more
> features that are a) hard to figure out; and b) introduce nasty
> security issues.

Well, I've pushed nothing to git master, I've been working on an
insane-crack local branch. We'll work out the detail before I merge
anything.

Thanks for the help,

Richard.




