No subject


Thu Aug 20 06:46:28 UTC 2009


2009/11/17 Andrew Pollock <apollock at debian.org>

> Hi,
>
> Nigel and I are at the Ubuntu Developer Summit this week, as is Luke Kanies.
>
> We were having a bit of chat with Mathias Gug from Canonical's Ubuntu Server
> team.
>
> Ubuntu is getting all onboard with Puppet integration, and they want to move
> Puppet from Universe to Main, but there's a few issues their security team
> has with the Puppet packages as they currently stand.
>
> Specifically:
>
> 1) The Puppet client daemon starts automatically on install
>
> Given this reaches out and talks to a host called "puppet" this was deemed
> as a security issue (Not unreasonably so IMO). Given that a Puppet client
> generally requires some configuration before it's usable, I don't think it's
> unreasonable to not try to start Puppet automatically. I was thinking of
> setting START=no in /etc/default/puppet to address this.
>
> 2) Permissions on /var/lib/puppet/state
>
> Upon inspection, I'm not quite sure what the problem is here. The Ubuntu
> modification just explicitly sets the owner and group. I don't have a
> vanilla Ubuntu install handy to compare the ownership of this directory with
> what the Debian package creates.
>
> Additionally:
>
> Ubuntu is also shipping the test suite as a separate package, and fixing the
> Rakefile so that it's runnable. I think the desire was to be able to run the
> test suite on a local installation of Puppet.

From my understanding they want to be able to run the test suite as an
automated process before accepting packages, even when puppet isn't
installed, but Luke seemed to think that was rather problematic at the
moment.

The problem appears to be people's tests pulling in other requires that may
come from the system ruby path, particularly if they're having to test
something that requires supporting libraries that do not exist in the puppet
tree itself.

I don't see a good way around this, but absolutely agree with shipping the
test suite as a separate package.

> I thought we could roll all of these in with the package splitting that
> Stig was proposing to do.
>
> Unrelated, Luke seemed to think that Puppet 1.0 would be out within the
> timeframe that Ubuntu 10.04 is going to feature freeze. Whether we want to
> race to ship that in Debian and Ubuntu within that timeframe is another
> question though...
>
> regards
>
> Andrew
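As an added illustration (not part of the thread, and not code from the Debian or Ubuntu packaging), the two points raised in the quoted message, the START setting in /etc/default/puppet and the permissions on /var/lib/puppet/state, can be audited with a few shell functions. The function names, the set of values treated as "enabled", and the choice to parse the defaults file instead of sourcing it are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit helpers for the two packaging points in the thread.
# Paths are arguments so the checks can run against a constructed tree.

# Print the effective START value from a defaults file WITHOUT sourcing it
# (sourcing would execute whatever else the file contains). Commented-out
# lines are ignored, the last assignment wins, absent file/key -> "unset".
start_value() {
    [ -r "$1" ] || { echo unset; return 0; }
    v=$(sed -n 's/^[[:space:]]*START=\([^#]*\).*/\1/p' "$1" \
        | tail -n 1 | tr -d "\"'" | tr -d '[:space:]')
    echo "${v:-unset}"
}

# Succeed only when the daemon is explicitly switched on.
# Assumption: yes/true/1 are the values that mean "start".
daemon_enabled() {
    case "$(start_value "$1")" in
        yes|true|1) return 0 ;;
        *)          return 1 ;;
    esac
}

# Show mode and numeric owner/group of the state directory, for comparing
# what different packages create.
state_dir_report() {
    ls -ldn "$1" 2>/dev/null \
        | awk '{ printf "mode=%s uid=%s gid=%s\n", $1, $3, $4 }'
}

# Succeed when "other" has write permission (9th character of the
# ls mode string, e.g. drwxrwxrwx).
state_dir_world_writable() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c9)" = "w" ]
}

# Demo on a constructed tree (not a real system).
demo=$(mktemp -d)
printf 'START=no\n' > "$demo/default-puppet"
mkdir "$demo/state" && chmod 750 "$demo/state"
echo "START=$(start_value "$demo/default-puppet")"
state_dir_report "$demo/state"
rm -rf "$demo"
```

On an installed system the same functions would be pointed at /etc/default/puppet and /var/lib/puppet/state.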



More information about the Pkg-puppet-devel mailing list