From: Benjamin Kaduk
Date: Thu, 31 Dec 2020 10:35:01 -0800
Subject: Re: git: 70e64ba44941 - main - release.sh: Update GITROOT URL
To: John Baldwin
Cc: "Rodney W. Grimes", Ryan Libby, Warner Losh, Glen Barber, Kyle Evans, src-committers, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org

On Thu, Dec 31, 2020 at 10:25 AM John Baldwin wrote:

> On 12/30/20 1:18 PM, Rodney W. Grimes wrote:
> > Take for example all the files in /etc, these files can easily
> > at present often be tracked back to exactly what release installed
> > them cause the $FreeBSD$ points you at it. These files are often
> > modified by local administrators, and without knowing what version
> > they started out it is a crap shoot to ever figure it out unless
> > the local mods are minor and you get lucky.
> >
> > Contractors are sometimes hired to go in and upgrade or clean up
> > after someone else did work, and not having this information and
> > telling them to go dig in git to try and figure out the state of
> > their system is pretty much a non-starter, well at least it is for
> > me.
>
> Have you seen 'etcupdate diff'? With pkgbase I'm hopeful we will
> have a similar 'pkg confdiff' type functionality (for ports as well as
> base) where packages keep stock config files around while installed
> that existing ones can be compared against (and that can be used for
> 3 way merges during upgrades similar to what etcupdate does).
>
> (etcupdate diff is explicitly designed due to experience in sysadmin
> mode and etcupdate in general is designed with the goal of rolling
> out new snapshots to fleets of machines requiring minimal user
> intervention)
>

More generally I would make the analogy to keeping metadata about a given data object in-band with the data vs. separately tracked. Generally, the in-band data cannot be authenticated very well and can be malleable, letting the metadata get out of sync with the data both when the data is modified and when the metadata is modified. It's generally easier to build robust and secure systems when the metadata is tracked separately from the data itself. This is the general model that etcupdate fits into (keeping a pristine copy of the file along with versioning/identification information), as well as puppet and similar fleet-management tools. In the latter case the expected configuration and versioning is tracked and authenticated centrally, and any local modifications or deviations from the expected state can be flagged for follow-up.

-Ben
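The distinction drawn in the message above, as an added example (not part of the original e-mail, and not etcupdate's or puppet's code): an in-band ident tag keeps asserting whatever the last editor of the file left in it, while a separately stored, HMAC-authenticated manifest of pristine digests flags both kinds of drift. The simplified tag format, the paths, the key and the release name are constructed for illustration.

```python
import hashlib
import hmac
import re

# Simplified, constructed stand-in for an expanded $FreeBSD$ ident line.
TAG_RE = re.compile(rb"\$FreeBSD: (\S+) (\S+) \$")

def inband_claim(data):
    """Return (path, revision) as the file describes itself, or None."""
    m = TAG_RE.search(data)
    return (m.group(1).decode(), m.group(2).decode()) if m else None

def _canonical(release, entries):
    lines = [release] + [f"{digest}  {path}" for path, digest in sorted(entries.items())]
    return "\n".join(lines).encode()

def make_manifest(release, files, key):
    """Out-of-band record: SHA-256 of each pristine file, sealed with an HMAC."""
    entries = {p: hashlib.sha256(d).hexdigest() for p, d in files.items()}
    mac = hmac.new(key, _canonical(release, entries), hashlib.sha256).hexdigest()
    return {"release": release, "entries": entries, "mac": mac}

def audit(manifest, installed, key):
    """Authenticate the manifest, then classify every file it lists."""
    want = hmac.new(key, _canonical(manifest["release"], manifest["entries"]),
                    hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, manifest["mac"]):
        raise ValueError("manifest failed authentication")
    report = {}
    for path, digest in manifest["entries"].items():
        data = installed.get(path)
        if data is None:
            report[path] = "missing"
        else:
            same = hashlib.sha256(data).hexdigest() == digest
            report[path] = "pristine" if same else "modified"
    return report

# Constructed sample data: three stock files and a locally edited copy of the tree.
KEY = b"constructed-demo-key"
PRISTINE = {
    "/etc/hosts": b"# $FreeBSD: etc/hosts r1001 $\n127.0.0.1 localhost\n",
    "/etc/shells": b"# $FreeBSD: etc/shells r1002 $\n/bin/sh\n",
    "/etc/ttys": b"# $FreeBSD: etc/ttys r1003 $\nconsole none unknown off\n",
}
INSTALLED = dict(PRISTINE)
INSTALLED["/etc/hosts"] += b"10.0.0.5 buildhost\n"  # content edited, tag untouched
INSTALLED["/etc/shells"] = PRISTINE["/etc/shells"].replace(b"r1002", b"r2002")  # tag edited
MANIFEST = make_manifest("constructed-release", PRISTINE, KEY)
```

The edited `/etc/hosts` still reports its original revision through `inband_claim`, and `/etc/shells` reports a revision that was never installed; `audit(MANIFEST, INSTALLED, KEY)` marks both as modified and rejects a manifest whose entries were changed without the key.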