Date: Thu, 26 Dec 2013 12:41:31 +0100 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Peter Jeremy <peter@rulingia.com> Cc: freebsd-current <freebsd-current@freebsd.org>, Steve Kargl <sgk@troutmask.apl.washington.edu> Subject: Re: PACKAGESITE spam Message-ID: <20131226114131.GH40122@ithaqua.etoilebsd.net> In-Reply-To: <20131226111644.GA46781@server.rulingia.com> References: <52B5DF8C.5050204@gmx.com> <20131221200538.GA60827@troutmask.apl.washington.edu> <alpine.BSF.2.00.1312220840400.1072@Ace.nina.org> <52B7432D.3070106@bluerosetech.com> <20131226111644.GA46781@server.rulingia.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--X+8siUETKMkW99st Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 26, 2013 at 10:16:44PM +1100, Peter Jeremy wrote: > On 2013-Dec-22 11:53:17 -0800, Darren Pilgrim <list_freebsd@bluerosetech.= com> wrote: > >Because of that deinstall log. When you use `pkg install` to upgrade a= =20 > >port, you get something like this: > > > >Jul 10 23:06:40 chombo pkg-static: ca_root_nss-3.15.1 installed > >Nov 29 15:04:52 chombo pkg: ca_root_nss reinstalled: 3.15.2_1 > > > >That information does not exist in the pkg database. >=20 > I agree that's a serious bug/regression in the pkg database: With the > old pkg system, I could tell when a port was installed by looking at > the timestamps on the +COMMENT file. The install time is needed to > answer questions like "does this entry in UPDATING affect me" (ie have > I rebuilt the port since the entry date). It's something I used > regularly and its absence is a PITA. You can still query from the package database about the installation time. With the ancient system you had no way to determine if something was reinst= alled You add no way to determine if it was an upgrade=20 You add no way to fihure out what something was removed. >=20 > I shouldn't need to rummage through /var/log/messages - and in any case, > by default FreeBSD only keeps 500K of messages history (about a month > in my case) so the information has probably rotated into the bit bucket. >=20 > I agree that having a pkg audit trail would be useful. Unfortunately, > what we have today is not an audit trail and isn't especially useful. it is an audit trail, it is very useful in lots of cases as I spotted befor= e, and it is also mandatory for some security certification in that form preci= sely. You want other cases, here is 2 others very very usual cases? Determine what has been done when managing a farm of servers with puppet,cfengine,salt,anssible and friens. Determine what has been done when you have multiple admins on your servers regards, Bapt --X+8siUETKMkW99st Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (FreeBSD) iEYEARECAAYFAlK8FeoACgkQ8kTtMUmk6EyDUgCgoYiGcW99JOkR1V9ydU2Gln+l qvwAoKYpa/U8+/bPaeG4bCJhg+T/QOr4 =Gp2B -----END PGP SIGNATURE----- --X+8siUETKMkW99st--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131226114131.GH40122>