Mongo packaging
Julian Edwards
julian.edwards at canonical.com
Wed Jan 16 01:01:40 UTC 2013
On Tuesday 15 Jan 2013 16:06:38 John Arbash Meinel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 2013-01-15 15:49, Gustavo Niemeyer wrote:
> > Hi Julian,
> >
> > On Tue, Jan 15, 2013 at 1:13 AM, Julian Edwards
> >
> > <julian.edwards at canonical.com> wrote:
> >> I noticed that currently the version of Mongo required sits as a
> >> compiled binary in a public location downloaded over http.
> >
> > There's actually no reason not to use https, even though at this
> > point this wouldn't offer a whole lot since the full interaction
> > happens within Amazon's network. What we should really do in the
> > medium term, though, is to sign all those files in the public
> > bucket.
>
> I think he's actually talking about the "you need to install mongod
> onto your development machine in order to run juju tests". Which does
> (currently) require getting a binary from amazon (or using Julian's PPA).
>
> John
> =:->
Right, that's pretty much it.
>
> >> Can I suggest that you copy this to the juju PPA and make it a
> >> dependency. If you want, it's trivial to stop it running as a
> >
> >> service by doing this:
> > It's not clear what the suggestion actually is. We don't need
> > mongodb on the client side of juju, and the server side doesn't
> > download juju or MongoDB from a PPA.
> >
> > Please also note that when doing any changes to that scheme, we
> > must have in mind the full spectrum of use cases we're working on
> > (non-Ubuntu, for example).
I don't know Juju well enough to come up with anything more useful, sorry. But
at the very least, I hope everyone sees the problem with unauditable binary
executables.
Cheers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju-dev/attachments/20130116/99047843/attachment-0001.html>
More information about the Juju-dev
mailing list