[Exherbo-dev] [RFC] A new approach to CONFIG_PROTECT
eternaleye at gmail.com
Mon Feb 20 02:46:10 UTC 2012
Ciaran McCreesh <ciaran.mccreesh at ...> writes:
> On Sun, 19 Feb 2012 20:31:50 +0000 (UTC)
> Alex Elsayed <eternaleye at ...> wrote:
> > > I'm slightly confused by your directory layout here. Let's say
> > > that /var/foo is also protected. Would that live in /var/foo/.c-p
> > > or /etc/.c-p/var/foo?
> > /var/foo/.c-p
> Wrong answer!
Well, I'm not wedded to that statement. If you think it would be better
to have *all* stuff that is config_protect share that same directory,
I'm perfectly fine with that.
> I think we need to be careful here. Replacing some of the silliness we
> inherited with config-protect is a good idea. What we don't want to do
> is tie config-protect into any particular user policy, particularly if
> that system is complicated and involves configuration management. The
> default should be something simple; being able to support fancy stuff
> on top of that is something a good design should allow, not something
> it should enforce.
> Perhaps a better question to ask is something like "how would we design
> config protection if it didn't already exist?". From the package
> mangler side there's probably not much difference here between having a
> choice of two mechanisms, or having one mechanism that's heavily
If it didn't exist, I *would* impose that chronological serialization
unequivocally. I think it just makes more sense to deal with any updates
that come from updating a package to version 2 on Wednesday before
dealing with an update to version 3 on Friday.
More information about the Exherbo-dev