From: Baptiste Daroussin
Date: Thu, 26 Dec 2013 12:41:31 +0100
To: Peter Jeremy
Cc: freebsd-current, Steve Kargl
Subject: Re: PACKAGESITE spam
Message-ID: <20131226114131.GH40122@ithaqua.etoilebsd.net>
In-Reply-To: <20131226111644.GA46781@server.rulingia.com>

On Thu, Dec 26, 2013 at 10:16:44PM +1100, Peter Jeremy wrote:
> On 2013-Dec-22 11:53:17 -0800, Darren Pilgrim wrote:
> >Because of that deinstall log.  When you use `pkg install` to upgrade a
> >port, you get something like this:
> >
> >Jul 10 23:06:40 chombo pkg-static: ca_root_nss-3.15.1 installed
> >Nov 29 15:04:52 chombo pkg: ca_root_nss reinstalled: 3.15.2_1
> >
> >That information does not exist in the pkg database.
>
> I agree that's a serious bug/regression in the pkg database:  With the
> old pkg system, I could tell when a port was installed by looking at
> the timestamps on the +COMMENT file.  The install time is needed to
> answer questions like "does this entry in UPDATING affect me" (ie have
> I rebuilt the port since the entry date).
> It's something I used
> regularly and its absence is a PITA.

You can still query from the package database about the installation time.

With the ancient system you had no way to determine if something was reinstalled.
You had no way to determine if it was an upgrade.
You had no way to figure out what something was removed.

>
> I shouldn't need to rummage through /var/log/messages - and in any case,
> by default FreeBSD only keeps 500K of messages history (about a month
> in my case) so the information has probably rotated into the bit bucket.
>
> I agree that having a pkg audit trail would be useful.  Unfortunately,
> what we have today is not an audit trail and isn't especially useful.

It is an audit trail, it is very useful in lots of cases as I spotted before,
and it is also mandatory for some security certification in that form precisely.

You want other cases? Here are 2 other very, very usual cases:
Determine what has been done when managing a farm of servers with
puppet, cfengine, salt, ansible and friends.
Determine what has been done when you have multiple admins on your servers.

regards,
Bapt
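
The following is an added example, not part of the original message or of pkg itself: it rebuilds a per-package history from the syslog lines quoted in the thread and answers the UPDATING question ("was this package touched since date X"). Assumptions: the function names and `start_year` parameter are hypothetical, the `upgraded` and `deinstalled` verbs are assumed to follow the same two message shapes as the quoted lines, and because syslog timestamps carry no year, the caller supplies the year of the first line.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# Two message shapes appear in the thread:
#   "<name>-<version> installed"   and   "<name> reinstalled: <version>"
# "deinstalled" and "upgraded" are ASSUMED to reuse those shapes.
LINE = re.compile(
    rf"^({'|'.join(MONTHS)})\s+(\d+) (\d\d):(\d\d):(\d\d) (\S+) "
    r"pkg(?:-static)?(?:\[\d+\])?: "
    r"(?:(\S+)-([^-\s]+) (installed|deinstalled)"
    r"|(\S+) (reinstalled|upgraded): (.+))$")

def parse(lines, start_year):
    """Return [(datetime, host, package, verb, version)] in file order."""
    events, year, last_month = [], start_year, 0
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                      # not a pkg message
        mon, day, hh, mm, ss, host, n1, v1, verb1, n2, verb2, v2 = m.groups()
        month = MONTHS[mon]
        if month < last_month:            # Dec -> Jan: the log crossed a year
            year += 1
        last_month = month
        when = datetime(year, month, int(day), int(hh), int(mm), int(ss))
        events.append((when, host, n1 or n2, verb1 or verb2, v1 or v2))
    return events

def touched_since(events, package, cutoff):
    """Was `package` installed, reinstalled or upgraded on or after `cutoff`?"""
    return any(name == package and verb != "deinstalled" and when >= cutoff
               for when, _host, name, verb, _ver in events)

# First two lines are the ones quoted in the thread; the rest are constructed.
SAMPLE = """\
Jul 10 23:06:40 chombo pkg-static: ca_root_nss-3.15.1 installed
Nov 29 15:04:52 chombo pkg: ca_root_nss reinstalled: 3.15.2_1
Dec 30 09:12:03 chombo sshd[812]: Accepted publickey for admin
Jan  4 08:00:17 chombo pkg: example_pkg-1.0 installed
""".splitlines()

if __name__ == "__main__":
    for ev in parse(SAMPLE, 2013):
        print(ev[0].isoformat(), *ev[1:])
```

The history is only as deep as the retained log files, so the result covers whatever span of /var/log/messages has not yet been rotated away.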