Mailinglist Archive: zypp-devel (70 mails)
| < Previous | Next > |
Re: [zypp-devel] Re: [zypp-commit] r7726 - in /trunk/sat-solver: src/solver.c testsuite/deptestomatic.c tools/repo_content.c
- From: Klaus Kaempf <kkaempf@xxxxxxx>
- Date: Wed, 31 Oct 2007 15:08:11 +0100
- Message-id: <20071031140811.GA15599@xxxxxxxxxxxxx>
* Stephan Kulow <coolo@xxxxxxx> [Oct 31. 2007 13:36]:
Depends on the application <-> solver interface and where the
'access granted' decision is taken. According to security, this
decision must not be taken by the application.
So you have to enforce the 'do not downgrade' policy somewhere
outside of the application.
Klaus
--
To unsubscribe, e-mail: zypp-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-devel+help@xxxxxxxxxxxx
Then the application doing the update shouldn't INSTALL_SOLVABLE a solvable
For the use case of "non-root user has rights to install updates",
updates must be strictly monotic increasing. Otherwise its a security
hole since this user could install older software with known risks.
it knows should not be installed. Hardly job of the solver.
Depends on the application <-> solver interface and where the
'access granted' decision is taken. According to security, this
decision must not be taken by the application.
So you have to enforce the 'do not downgrade' policy somewhere
outside of the application.
Klaus
--
To unsubscribe, e-mail: zypp-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-devel+help@xxxxxxxxxxxx
| < Previous | Next > |