On Thu, 2006-09-21 at 20:57 -0700, Jane Dogalt wrote:
> Certainly your writing your own installer separate from anaconda can
> give you a better feeling that tons of code isn't being run as root in
> a way that it wasn't really designed (well) from the ground up to do.
> But the other major thing is general security. If it wasn't code that
> you had written yourself, how comfortable would you feel trying to use
> your main workstation to generate a custom livecd (when it's churning
> away in root-mode for hour/s)?
Probably not very comfortable. Then again, we all run pretty security-
sensitive code, but normally code that has been vetted by several OS vendors.
I rarely run random code as root that some dude sends to a mailing list
without reading it through. Btw, I expect people to do the same.. at
this point pilgrim is just that - random (ok, not exactly random, we use
it for OLPC) code being sent by a dude (the fact I work for Red Hat may
wrongly lead people to trust me more; it really shouldn't) on a mailing
list.
But I think it's doable to actually review the pilgrim code because it's
pretty simple and somewhat linear to read.
If my project is successful, I foresee people feeling much more
comfortable doing a -
(as root) yum install vsys (or local per user root-less install)
(as user) vsys generate liveiso \
--config=mediacenter_appliance.xml \
--addpackages=myfavoriteeditor,meld \
mylivedvd.iso
Yea. Using some kind of container (qemu, xen, whatever) / jail (e.g.
chroot) is probably a good idea. I don't see that being hard to add to
pilgrim. The container approach, though, raises an interesting Chinese
Box paradox: how do you build the container in the first place? :-)
David