Re: [atomic-devel] Enabling motd feature

[Colin Walters <walters verbum org>]

Hi,

On Wed, Apr 6, 2016, at 06:36 AM, Kushal Das wrote:
> Hi,
> 
> As part of F24 changes, rtnpro worked on the motd[1] change. We need
> someone to commit on the fedora-atomic side to include the package [2],

FWIW the fedora-atomic git repo migrated to 
https://pagure.io/fedora-atomic
where it can get pagure PRs.

That said I have some detailed and high level concerns.

The detailed concerns are a security issue and a buglet:
https://github.com/rtnpro/fedora-motd/issues?utf8=%E2%9C%93&q=is%3Aissue+author%3Acgwalters+

The high level concern is having this functionality live
outside of the update system and the login system
is rather awkward.  I really don't like calling into rpm-ostreed from
inside every PAM login.

Among other reasons, the first ssh login might e.g. be ansible
trying to configure the host, and having rpm-ostreed be spun
up for that when the administrator might actually want to do
something else is problematic - the check-updates will
block whatever action they want to take (e.g. rpm-ostree rebase).

The way it hooks into dnf is a bit better from this perspective.  But
since rpm-ostree is already a daemon, it might be simplest to
have it just write out the required data in /run/rpm-ostree/bash-check-updates
only after the administrator requests an update once or so?