[Yum-devel] new simple "protectyum" plugin
katzj at redhat.com
Tue Jun 12 17:39:46 UTC 2007
On Tue, 2007-06-12 at 11:38 -0400, Matthew Miller wrote:
> On Tue, Jun 12, 2007 at 11:30:52AM -0400, Jeremy Katz wrote:
> > > Anyway, assuming that's a bug that will be fixed, is there anything else
> > > other than openssh-server that might make sense to protect in general?
> > FWIW, the protect list in pirut is
> > remove_blacklist = ('yum', 'pirut', 'glibc', 'rpm-libs', 'rpm',
> > 'kernel', 'kernel-xen', 'kernel-PAE')
> Preventing pirut from removing itself makes sense, but is dodgy in a base
> plugin. And glibc, rpm-libs, and rpm are covered by yum.
*nod* I was just a little paranoid. It might be interesting to have a
way for the plugin's list to be extended other than just by modifying
the file. But we're starting to get a far more complicated plugin at
that point I think...
> The kernel list presents an interesting situation -- maybe that needs
> something more specific which protects DEFAULTKERNEL from
> /etc/sysconfig/kernel? Because I'd be annoyed about kernel-PAE. :)
Well, the pirut case lets you override... it's just a really scary
looking warning :)
More information about the Yum-devel