[Rpm-maint] whither rpmbuild, whither rpm?
R P Herrold
herrold at owlriver.com
Tue Apr 15 22:19:56 UTC 2008
A quote from a post earlier to day piqued by interest:
> The ldconfig hackery in rpm is going away sooner or later,
> what I want to see is some more generic mechanism for
> packages to queue actions to happen at end of the
> transaction. ...
> ...
> Several ways to accomplish that, I've just been too busy
> whacking potential buffer overflows and similar fun to have
> a chance to really think about it :)
So write the limited %pre and %post grammar and float a
candidate; without a constrained grammar, it is just tossing a
pail of water into the wind; in the absence of limits or
defined ways to perform permitted operations, continued
deference to a nice Turing complete shell interpreter's bag of
tools doomed transactional rollbacks, and makes avoidance of
'potential' buffer overflows the least of one's worries; an
obfuscated 'ulink' of two in a %pre or %post, or dropped in as
an 'at' script for time delay action, has much higher in the
realm of damage potential.
It seemed to me that chasing 'potential' buffer overflows, on
code that valgrind is largely happy with; I watch all rpm
related filings and have for many years, and frankly, this
asserted concern with code cleanup in the name of avoiding
insecure! buffer! overflows! just looks like makework to me.
So being interested in the future or RPM and RPMBUILD, I
figured, why not go to the source, and look at the rpm.org
website, as 'We're relaunching rpm.org, with a new direction
for future development of RPM. RPM should not be the province
of one company, or a small set of developers' -- edit by:
2007-10-15 10:03:03 by PanuMatilainen
-- http://wiki.rpm.org/FrontPage
from: http://wiki.rpm.org/News
RPM development switches to GIT (Mar 31th 2008)
* Rpm code repository has been converted from Mercurial to
GIT, effective immediately. Access details are documented on
GetSource page.
from: http://wiki.rpm.org/Docs/RpmOrgFAQ
So what, specifically, are you doing with RPM? And where is
the work going to happen?
We have set up a new [WWW] repository, [link to: http://hg.rpm.org/]
from: http://wiki.rpm.org/Docs/RpmOrgFAQ
When is all of this happening?
Starting now. Planning and review happening over the next 3-6
months -- edit 2006-12-15 23:20:06 by JamesBowes
hmmm ...
from: http://wiki.rpm.org/Roadmap
Build process cleanup
* Clean up, modernize and correct RPM's auto*tool usage
* Make compilation free of warnings
Let's look elsewhere:
from: https://bugzilla.redhat.com/show_bug.cgi?id=441808
by: Panu Matilainen
Sure there's an API of sorts for this in librpmbuild (even if
it's not exactly very sane or friendly to use), ...
NOTABUG in the sense that couple of ways to access this data
do exist. There are plans to provide a saner API for the build
parts for rpm (including python bindings), but that's way way
out of scope for RHEL 5.
===================================================
well ... Where ARE the asserted 'plans to provide a saner API
for the build parts for rpm (including python bindings)' What
else is slated to be cut out of RPM as 'Remove ancient,
deprecated APIs'?
I sure don't see them in a form suseptible to implementation
or comment anywhere at http://www.rpm.org/ -- all I see is
these days is one developer from one company with a
non-visible plan on this tine of the fork.
-- Russ herrold
More information about the Rpm-maint
mailing list