On 2012-Aug-26 12:27:41 -0700, Doug Barton <dougb_at_freebsd.org> wrote:
>On 08/26/2012 12:08, Ian Lepore wrote:
>> Maybe it could rename itself to /usr/local/sbin/pkg-bootstrap as part of
>> replacing itself, so that you could re-bootstrap your way out of a
>> problem later.
>
>That's certainly creative thinking, but I'm still queasy about 2
>commands with the same name that do 2 different things. And having it
>rename itself adds to the confusion down the road.

I also like the idea of a pkg-bootstrap command. Possibly a symlink from pkg to pkg-bootstrap, that gets removed as part of the bootstrap process, would help - but it should just tell you how to run pkg-bootstrap.

I don't like the idea of pkg{-bootstrap} autonomously installing something I didn't ask for. And I don't like the idea that all pkg commands get bounced through a /usr/sbin/pkg once it has been bootstrapped.

>Having a simple pkg bootstrapping tool in the base is a good idea. But
>the functionality needs to be extremely limited so that we don't
>increase the security exposure; and so that we don't end up in a
>situation where a bug fix for something in the base limits our ability
>to innovate with pkg in the ports tree.

Agreed. BTW, one thing that needs to be considered is how to recover from the embedded public key needing to be invalidated (eg due to the private key being exposed).

-- 
Peter Jeremy