My primary concern was with the confused double duty of the shell quoting -- sometimes it was being used to protect an input from a user, and sometimes it was being used to transmit scripts to remote peers.
I really hope to see something akin to sql prepared statements in juju that use the class system to enforce proper quoting of inputs when they must be used as an argument to a command, so that ad hoc constructions aren't scattered throughout the codebase. Replacing juju-backup sounds like an improvement, but that was just one instance of the above complaint. Embedding sudo into the program to avoid running the entire bootstrap process as root does make sense, but I do wonder if unprivileged lxc containers would be more appropriate at this point. It still seems like a large assumption about how sudo can be used on the juju host -- perhaps it is fair to say the juju host must be dedicated to the task, but it'd be nice to see that spelled out explicitly. I'll ask Tyler to look at our backlog and fit this in where we can. Thanks. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to golang in Ubuntu. https://bugs.launchpad.net/bugs/1267393 Title: [MIR] juju-core, juju-mongodb, gccgo, golang To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gccgo-5/+bug/1267393/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
