Re: Some ostree observations



Hi Florian,

This is exactly the kind of thorough and uncompromising review that I knew you'd give, and why I asked you specifically =)  It's the kind of review I need to show OSTree can stand up to.

I'm going to split this into 3 sections:

 - Security and reliabilty aspects of the core OSTree model, such as the fact of the refs not being under the GPG signature
  I'll make sure all of these have bugs.

 - Non-security bugs of OSTree, such as the switch command semantics
  Will address these after the first.

 - Bugs specifically with the content of rpm-ostree, such as ssh key generation coming before random initialization ( This one almost certainly is a generic Fedora bug, not something related to OSTree itself )
  I'll gather these somewhere...probably the rpm-ostree TODO.

Will reply to this mail again in more detail in a bit.  I just wanted to let you know that this review is very much appreciated and I will take action as fast as I can to fix things!



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]