PACKAGESITE spam
Baptiste Daroussin
bapt at FreeBSD.org
Thu Dec 26 11:41:36 UTC 2013
On Thu, Dec 26, 2013 at 10:16:44PM +1100, Peter Jeremy wrote:
> On 2013-Dec-22 11:53:17 -0800, Darren Pilgrim <list_freebsd at bluerosetech.com> wrote:
> >Because of that deinstall log. When you use `pkg install` to upgrade a
> >port, you get something like this:
> >
> >Jul 10 23:06:40 chombo pkg-static: ca_root_nss-3.15.1 installed
> >Nov 29 15:04:52 chombo pkg: ca_root_nss reinstalled: 3.15.2_1
> >
> >That information does not exist in the pkg database.
>
> I agree that's a serious bug/regression in the pkg database: With the
> old pkg system, I could tell when a port was installed by looking at
> the timestamps on the +COMMENT file. The install time is needed to
> answer questions like "does this entry in UPDATING affect me" (ie have
> I rebuilt the port since the entry date). It's something I used
> regularly and its absence is a PITA.
You can still query from the package database about the installation time.
With the ancient system you had no way to determine if something was reinstalled
You add no way to determine if it was an upgrade
You add no way to fihure out what something was removed.
>
> I shouldn't need to rummage through /var/log/messages - and in any case,
> by default FreeBSD only keeps 500K of messages history (about a month
> in my case) so the information has probably rotated into the bit bucket.
>
> I agree that having a pkg audit trail would be useful. Unfortunately,
> what we have today is not an audit trail and isn't especially useful.
it is an audit trail, it is very useful in lots of cases as I spotted before,
and it is also mandatory for some security certification in that form precisely.
You want other cases, here is 2 others very very usual cases?
Determine what has been done when managing a farm of servers with
puppet,cfengine,salt,anssible and friens.
Determine what has been done when you have multiple admins on your servers
regards,
Bapt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20131226/54b580f9/attachment.sig>
More information about the freebsd-current
mailing list