Re: [Pkg-puppet-devel] Wheezy update of puppet?

To: Jens Korte <korte@mailbox.org>, debian-lts@lists.debian.org
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: [Pkg-puppet-devel] Wheezy update of puppet?
From: Antoine Beaupré <anarcat@orangeseeds.org>
Date: Tue, 27 Jun 2017 15:05:20 -0400
Message-id: <[🔎] 877ezxdzf3.fsf@curie.anarc.at>
In-reply-to: <[🔎] 20170627210221.7a366bc9b36923c4429f99b1@mailbox.org>
References: <20170521205352.GA773@inguza.net> <20170522204453.amyotrxfz56vsypl@marvin.dmesg.gr> <20170524095154.5ooj6inyeg643xas@marvin.dmesg.gr> <[🔎] 87shile8az.fsf@curie.anarc.at> <[🔎] 87mv8te5jv.fsf@curie.anarc.at> <[🔎] 20170627180807.kaq6hoe2vtzvabl6@bogon.m.sigxcpu.org> <[🔎] 20170627181733.4u4be5jtx5c4yzmu@marvin.dmesg.gr> <[🔎] 87a84te0te.fsf@curie.anarc.at> <[🔎] 20170627210221.7a366bc9b36923c4429f99b1@mailbox.org>

On 2017-06-27 21:02:21, Jens Korte wrote:
> On Tue, 27 Jun 2017 14:35:09 -0400
> Antoine Beaupré <anarcat@orangeseeds.org> wrote:
>
>> On 2017-06-27 21:17:33, Apollon Oikonomopoulos wrote:
>> > On 20:08 Tue 27 Jun     , Guido Günther wrote:
>> >> That sounds good to me especially if it's possible to toggle this so 
>> >> one
>> >> can e.g. first update all clients then disable accepting YAML on the
>> >> server.
>> >
>> > My thoughts exactly, it will be great if there's a configuration option 
>> > for turning off YAML.
>> 
>> Unfortunately, this is completely hardcoded in the source code, even in
>> newer releases. I would think it unwise to allow such a configuration in
>> wheezy since it would be ignored in later release.
>
> How about introducing a second package that provides the same as puppet but without YAML? It would not break the configuration later on and people can choose to install the old package with higher security.

That would be more inconvenient than fixing the actual YAML issue. It
would also break upgrades.

I would not support such a solution.

A.

-- 
Le péché est né avant la vertu, comme le moteur avant le frein.
                         - Jean-Paul Sartre

Reply to:

References:
- Re: [Pkg-puppet-devel] Wheezy update of puppet?
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- Re: [Pkg-puppet-devel] Wheezy update of puppet?
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- Re: [Pkg-puppet-devel] Wheezy update of puppet?
  - From: Guido Günther <agx@sigxcpu.org>
- Re: [Pkg-puppet-devel] Wheezy update of puppet?
  - From: Apollon Oikonomopoulos <apoikos@debian.org>
- Re: [Pkg-puppet-devel] Wheezy update of puppet?
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- Re: [Pkg-puppet-devel] Wheezy update of puppet?
  - From: Jens Korte <korte@mailbox.org>

Prev by Date: Re: [Pkg-puppet-devel] Wheezy update of puppet?
Next by Date: Re: samba: CVE-2017-9461: infinite loop on bad-symlink resolution
Previous by thread: Re: [Pkg-puppet-devel] Wheezy update of puppet?
Next by thread: puppet packages ready for testing
Index(es):
- Date
- Thread