[Demi-devel] Screen shots

[John Morrissey]

On Tue, Mar 08, 2005 at 07:30:12AM +1100, Andrew Pollock wrote:
> Hmm. I was trying to make the client requirements as lightweight as
> possible, which is why I was pulling the /var/lib/dpkg/status file via
> SSH. No new holes to poke in firewalls, excrypted channel with strong
> authentication for little extra effort.

An SSH transport is on my todo list, but I figured it'd be quicker to
initially use the python-apt bindings instead of parsing
/var/lib/dpkg/status by hand. I could argue either way; SSH giving free
encryption and authentication, XML-RPC giving a well-defined interface and
avoiding remote root access (unless you invoke a setuid wrapper, or limit
remote root access with a command-limited public key, but I'm getting back
into arguing either way again). Ultimately, I suppose it'll be up to end
user preference.

> So the client would do an apt-get? The scenario that made me want to build
> this in the first place was one where the clients didn't have external
> access, only the central server in the management zone, so the management
> server would suck down the packages and push them out to the client.

Eventually it could support pushing packages to clients; in the short-term,
having clients fetch packages themselves will probably get the code working
quicker. The only major difference is placing the package (plus
dependencies) in /var/cache/apt/archives/ so it's already downloaded on the
client. I admit I'm biased on this, since our machines have access to a
local mirror.

john
-- 
John Morrissey          _o            /\         ----  __o
jwm@horde.net        _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__