Re: Barman - secure installation - any insights, comments etc.

From: "Athanasios | ZenGuard" <athanasios(at)zenguard(dot)org>
To: Payal Singh <payal(at)omniti(dot)com>
Cc: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, "Birchall, Austen *EXTERN*" <austen(dot)birchall(at)metoffice(dot)gov(dot)uk>, "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org>
Subject: Re: Barman - secure installation - any insights, comments etc.
Date: 2013-11-29 16:15:56
Message-ID: CAHPc5uSggsMsd+bF0EYxML=aioO3AG8vgYKB7K1+gyW7ADca1w@mail.gmail.com
Lists: pgsql-novice

Which can be a maintenance nightmare sometimes (just a heads up)

On Fri, Nov 29, 2013 at 5:14 PM, Payal Singh <payal(at)omniti(dot)com> wrote:

> If RPMs are giving trouble, try installing from source code instead.
>
> Payal Singh,
> OmniTi Computer Consulting Inc.
> Junior Database Architect,
> Phone: 240.646.0770 x 253
>
>
> On Fri, Nov 29, 2013 at 8:32 AM, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> wrote:
>
>> Austen Birchall wrote:
>> > We are currently looking at Barman and have just installed it on a test server.
>> >
>> > However, our Sys Admin has said:
>> >
>> > A couple of notes though, the work order asks for the instructions found at http://docs.pgbarman.org/
>> > be followed for installation. However they request that you add an additional repository to the server
>> > in order to access the rpms. We cannot add additional repos to servers and so to get the packages
>> > installed on the box they were downloaded manually on a desktop machine and then moved to the server
>> > and installed locally. This method will not scale to production and someone will need to take
>> > ownership of this piece of software and provide us with rpms (or preferably in the long term a local
>> > repo containing them) ensuring that they have been provided by a trusted source.
>> >
>> > I’ll be the first to admit that I don’t fully understand all about rpms etc. etc. so does anybody have
>> > any insights, comments etc. on how to proceed here?
>>
>> I'd say that either an enterprise is small enough that they can
>> afford to distribute and install software manually or it
>> is big enough to have its own software distribution system.
>>
>> How do you distribute other software (like PostgreSQL) to your servers?
>>
>> Maybe I am missing something there, but what keeps you from adding the
>> RPMs from http://yum.postgresql.org/ to your own software distribution
>> system?
>>
>> So I don't understand this argument at all.
>>
>> The second argument ("ownership of the software", "trusted source")
>> sounds slightly like "it doesn't come from a large corporation, so we
>> don't trust it".
>>
>> Maybe I read that wrong, but it seems to call for skills in advocacy
>> more than anything else:
>> If you don't trust the RPMs, what reason do you have to trust the
>> source code behind it?
>> Why do you trust RedHat (or whatever vendor your Linux comes from)?
>> They don't own Linux.
>> But they are big, so they are trustworthy, right?
>> You sure?
>>
>> But of course you don't have to trust Barman, that's the point.
>> You can examine the source code to form your own opinion.
>> You can roll your own RPMs if the ones provided don't suit you
>> (that's not such a hard exercise).
>>
>> Yours,
>> Laurenz Albe
>>
>
>
