[Demi-devel] Screen shots
John Morrissey
jwm@horde.net
Mon, 7 Mar 2005 15:50:34 -0500
On Tue, Mar 08, 2005 at 07:30:12AM +1100, Andrew Pollock wrote:
> Hmm. I was trying to make the client requirements as lightweight as
> possible, which is why I was pulling the /var/lib/dpkg/status file via
> SSH. No new holes to poke in firewalls, excrypted channel with strong
> authentication for little extra effort.
An SSH transport is on my todo list, but I figured it'd be quicker to
initially use the python-apt bindings instead of parsing
/var/lib/dpkg/status by hand. I could argue either way; SSH giving free
encryption and authentication, XML-RPC giving a well-defined interface and
avoiding remote root access (unless you invoke a setuid wrapper, or limit
remote root access with a command-limited public key, but I'm getting back
into arguing either way again). Ultimately, I suppose it'll be up to end
user preference.
> So the client would do an apt-get? The scenario that made me want to build
> this in the first place was one where the clients didn't have external
> access, only the central server in the management zone, so the management
> server would suck down the packages and push them out to the client.
Eventually it could support pushing packages to clients; in the short-term,
having clients fetch packages themselves will probably get the code working
quicker. The only major difference is placing the package (plus
dependencies) in /var/cache/apt/archives/ so it's already downloaded on the
client. I admit I'm biased on this, since our machines have access to a
local mirror.
john
--
John Morrissey _o /\ ---- __o
jwm@horde.net _-< \_ / \ ---- < \,
www.horde.net/ __(_)/_(_)________/ \_______(_) /_(_)__