Date: Sat, 21 Dec 2013 23:14:39 +0100 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Steve Kargl <sgk@troutmask.apl.washington.edu> Cc: freebsd-current@freebsd.org, Darren Pilgrim <list_freebsd@bluerosetech.com> Subject: Re: PACKAGESITE spam Message-ID: <20131221221439.GA59524@ithaqua.etoilebsd.net> In-Reply-To: <20131221213959.GA61238@troutmask.apl.washington.edu> References: <52B5DF8C.5050204@gmx.com> <20131221200538.GA60827@troutmask.apl.washington.edu> <20131221201026.GB1730@glenbarber.us> <20131221201403.GB60827@troutmask.apl.washington.edu> <alpine.BSF.2.00.1312211450130.5630@badger.tharned.org> <20131221210553.GA61158@troutmask.apl.washington.edu> <52B60727.8090001@bluerosetech.com> <20131221213959.GA61238@troutmask.apl.washington.edu>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Sat, Dec 21, 2013 at 01:39:59PM -0800, Steve Kargl wrote: > On Sat, Dec 21, 2013 at 01:24:55PM -0800, Darren Pilgrim wrote: > > On 12/21/2013 1:05 PM, Steve Kargl wrote: > > > On Sat, Dec 21, 2013 at 02:54:39PM -0600, Greg Rivers wrote: > > >> On Sat, 21 Dec 2013, Steve Kargl wrote: > > >> > > >>> It did not ask how to stop this stupidity. I asked to have this > > >>> stupidity stopped by default. The spewing of this information in > > >>> /var/log/messages provides NOTHING. Please turn it off by default. > > >>> > > >> > > >> Do you really feel that strongly about it? Having a record of changes to > > >> the system has always seemed like a feature to me... > > >> > > > > > > Yes, I do feel strongly about it. It is completely unnecesary noise. > > > It should be off by default. If someone wants to fill /var up with > > > useless information, then that someone can turn on the noise. > > > > It's about what's safe in the common case. There are significant > > security risks inherent in pkg's activities, so having a written > > external record is the safe option. > > > > I don't buy the "fill up /var" argument. If your /var is so small that > > pkg's logging risks filling it up, why are you not logging to an > > external syslog server? There are much more voluminous sources of logs > > on a FreeBSD system. > > It has nothing to do with the size of /var, really. It is completely > useless information. You want to know what package are installed, use > 'pkg info'. Packages do not spontaneously install themselves. If > your system is so insecure that you are worried that some unpriveleged > user installed a package, you have bigger problems. > > -- > steve > > > -- > Steve > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" this has been done and activated for reason, first for lot of companies, it is important (PCI DSS requirement for example), secondly I receive tons of request to actiavte on by default while you are the first to request it off by default Bapt [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (FreeBSD) iEYEARECAAYFAlK2Es8ACgkQ8kTtMUmk6Ex1ZwCgmiPNlqvN35iyggoCJKJGES9N njQAni/ltqr8m664A4erzvCUT3dbQEPf =k2A9 -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131221221439.GA59524>