[Yum-devel] [PATCH] Yum plugins
Greg Knaddison
greg.knaddison at gmail.com
Fri Mar 18 18:10:14 UTC 2005
On Fri, 18 Mar 2005 09:20:11 -0500, seth vidal <skvidal at phy.duke.edu> wrote:
>
> I'd feel a lot better if the plugins needed to be defined in a file
> in /etc as well as exist in some path. Mainly b/c it would decrease the
> possibility of someone just dropping a file in the wrong place or doing
> so maliciously.
Aside from (hopefully) stricter controls/monitoring on /etc/ is there
anything to stop a malicious plugin-author from editing the /etc/ file
as well?
For better security you could ask the user before including each
plugin, but I can see that getting annoying...
>
> I think specifying a yum major+firstminor version number as part of the
> plugin specification would be valuable.
>
> so we can distinguish plugins by version and ignore the right ones.
We may be able to learn from Mozilla on this front - since they have a
relatively popular extension/plugin system. Mozilla uses a version
number in a specification file within the extension installation file.
You can do things like "0.9" so an extension only works with the 0.9
version. You can also do "0.9+" so that the extension will work with
any version of Mozilla greater than/equal to 0.9.
Just some thoughts - plugins seem like a nice addition to yum, but
also one that may cause some extra work.
Greg
More information about the Yum-devel
mailing list