1 |
On Sat, Jan 12, 2013 William Hubbs wrote: |
2 |
> Steven J. Long wrote: |
3 |
> > Obviously it's good to have the functionality should you need it, but |
4 |
> > again it appears that simple cases are being made complex, just to allow |
5 |
> > for someone else's complex cases. Which is faulty logic. |
6 |
> > |
7 |
> > While many packages have default configurations, changing the default |
8 |
> > setup for base system packages in the absence of any configuration is |
9 |
> > not generally a good idea, unless you know for a fact it's not going to |
10 |
> > mess anything up (which is a big ask given that you're distributing |
11 |
> > source.) |
12 |
> > |
13 |
> > Especially given the arguments presented as a motivation, that all this |
14 |
> > has "serious security implications, for example in firewall rules which |
15 |
> > are coded for certain naming schemes, and which are hence very sensitive |
16 |
> > to unpredictable changing names." |
17 |
> |
18 |
> Isn't this the very definition of the kernel-based names? |
19 |
|
20 |
Not if you read what Christopher wrote in his reply to you: |
21 |
|
22 |
> > Christopher Head wrote: |
23 |
> > > But given a |
24 |
> > > simple computer with just one NIC, if the NIC fails and is replaced |
25 |
> > > (perhaps by a different type of NIC in a different slot, or perhaps an |
26 |
> > > onboard NIC disabled in the BIOS and replaced by an add-in), the name |
27 |
> > > could change, while the kernel's automatically assigned name will not: |
28 |
> > > eth0 (this also applies to a computer with one Ethernet NIC and one |
29 |
> > > wifi NIC: eth0 and wlan0). That fact was never mentioned on the wiki. |
30 |
|
31 |
Amazingly convenient. Anyone would think the kernel devs had gone through this |
32 |
themselves! ;) |
33 |
|
34 |
IME that setup describes pretty much every end-user desktop or laptop computer |
35 |
I've come across, except the *very* occasional analyst with 2 NICs, and users |
36 |
I don't count as end-users-- in whose name all the awful hackage is supposedly |
37 |
carried out. |
38 |
|
39 |
> if you do not |
40 |
> have a persistent net rules file, you are subject to the kernel's naming |
41 |
> order, and I have heard of situations in the past when people upgrade |
42 |
> their kernels, etc, and when they reboot their interface names are |
43 |
> changed around. |
44 |
|
45 |
Yes, I've heard of that too, and I'm all for giving them the ability to |
46 |
set things up exactly how they like, just like I've always been in favour |
47 |
of an initrd *if* you need it (or are a binary distro.) Granted that's always |
48 |
meant encrypted rootfs to me, but a bluetooth keyboard is just as valid: it's |
49 |
the user's choice/system, give them what they need to set it up and run it (and |
50 |
leave you alone.) |
51 |
|
52 |
What I'm not in favour of is making the simple cases more difficult, to deal |
53 |
with the complex ones. It's completely brain-dead thinking. |
54 |
|
55 |
More importantly, advances in the code don't change the principle: |
56 |
you don't break backward compatibility for a default install; |
57 |
you don't require people to opt into anything in order to keep their |
58 |
existing config running, MOST especially if they have not even tweaked anything. |
59 |
You put out the last version, so if something's not supported in the new one, |
60 |
you write code to handle the change gracefully, if it's needed. |
61 |
|
62 |
Or you get a well-earnt basting. |
63 |
|
64 |
I guess in distro context you have to allow: unless it's a whole new |
65 |
package, or at worst a major version change. But the principle still |
66 |
applies, *more* stringently to a coder than a distro packager, irrespective |
67 |
of how people learning nowadays might carry on. |
68 |
|
69 |
Or just give up any pretence of caring about your users (and where I come |
70 |
from, the majority of the pay that you nearly burnt-out to earn, since you |
71 |
have to cover another 2 or 3 months of remedial work caused by your own |
72 |
stupidity.) |
73 |
|
74 |
> > If you're certain that every user with a current simple setup, who |
75 |
> > uses the kernel default names, and has such a firewall setup isn't |
76 |
> > going to suddenly find their interface name changed when they reboot, |
77 |
> > fair play to you. If not, allow the admin to opt-in, rather than force |
78 |
> > them to opt-out when something breaks. |
79 |
> |
80 |
> The following is taken from the wiki: |
81 |
> |
82 |
> You basically have three options: |
83 |
<3 options that all require an admin opt-in to keep their existing |
84 |
config running> |
85 |
|
86 |
There you go: the exact wrong way to do it. As Poettering might say: |
87 |
"C'mon man, seriously? (whiny voice and pleading looks)" |
88 |
|
89 |
Honestly, the guy's a complete amateur. |
90 |
-- |
91 |
#friendly-coders -- Where you can unwind when some nub starts throwing |
92 |
the word "integration" around. |