1 |
On Thu, 20 Feb 2014 15:38:46 -0600 |
2 |
Canek Peláez Valdés <caneko@×××××.com> wrote: |
3 |
|
4 |
> On Thu, Feb 20, 2014 at 3:22 PM, Tanstaafl |
5 |
> <tanstaafl@×××××××××××.org> wrote: |
6 |
> > On 2014-02-20 4:04 PM, Canek Peláez Valdés <caneko@×××××.com> wrote: |
7 |
> >>> |
8 |
> >>> No, actually, I think whatever is defined as the current default |
9 |
> >>> should dictate which group should be required to do the work. |
10 |
> > |
11 |
> > |
12 |
> >> I think this is where we think differently (regarding this |
13 |
> >> particular point). The work must be done by *whomever* wants to do |
14 |
> >> the job. So if the systemd people want to do a profile that's fine |
15 |
> >> (and this already happened); but if they don't want to, nobody can |
16 |
> >> force them to do it (this is academic right now, since they |
17 |
> >> already did the [pretty trivial] work). |
18 |
> >> |
19 |
> >> If the systemd people did not wanted to do the job, then, since you |
20 |
> >> can't force them, the people *not* wanting systemd would be the |
21 |
> >> ones required to do it. And that makes absolutely no sense. |
22 |
> > |
23 |
> > |
24 |
> > I think we agree, but you keep saying we don't... ;) |
25 |
> > |
26 |
> > The difference is, since OpenRC is the default, all of the existing |
27 |
> > profiles are, by definition, OpenRC based profiles. So, people who |
28 |
> > don't want systemd simply have to do... nothing! |
29 |
> |
30 |
> OK, I see your point. |
31 |
> |
32 |
> > As I said before, it is people who want systemd who currently have |
33 |
> > to 'do something', and that is as it should be, unless/until the |
34 |
> > default of OpenRC is changed to systemd. |
35 |
> |
36 |
> Agreed. |
37 |
> |
38 |
> Regards. |
39 |
|
40 |
Been following along, jumping in late. |
41 |
|
42 |
That does settle the issue with regard to Gentoo 'defaults' for now. As |
43 |
I see it, if you are a desktop [l]user, then go ahead and use a quick |
44 |
systemd default. It's good enough. And Gnome folks, from what I |
45 |
understood, didn't have an easy opt-out choice, really. At least not |
46 |
easy enough for me to grok right away. |
47 |
|
48 |
Anyway, some arguments on the other branches of this thread got me |
49 |
thinking. Take the binary log files. This seems to be something we all |
50 |
understand to some extent (as compared to init systems, say), whether |
51 |
a tinkerer or enterprise user. There's now something corporate sitting |
52 |
between me and the evil crap coming out of my daemons. |
53 |
|
54 |
Who logs the loggers? |
55 |
|
56 |
My thought was, well, say if someone else, some other, unrelated team |
57 |
entirely, was maintaining a codebase for handling that logging data, |
58 |
that's a way out of the monoculture of systemd that would give some |
59 |
peace of mind. If they, as also smart, talented coders began to |
60 |
disagree, they might have capacity to keep the project in bounds. |
61 |
|
62 |
So, for the hell of it, I just went to have a look at what the deal |
63 |
might be with that binary data that hangs around and dumps to disk, |
64 |
maybe, in one format or another. |
65 |
|
66 |
"This document explains the basic structure of the file format on disk. |
67 |
We are making this available primarily to allow review and provide |
68 |
documentation. Note that the actual implementation in the systemd |
69 |
codebase is the only ultimately authoritative description of the |
70 |
format, so if this document and the code disagree, the code is right. |
71 |
That said we'll of course try hard to keep this document up-to-date and |
72 |
accurate. |
73 |
|
74 |
Instead of implementing your own reader or writer for journal files we |
75 |
ask you to use the Journal's native C API to access these files. It |
76 |
provides you with full access to the files, and will not withhold any |
77 |
data. If you find a limitation, please ping us and we might add some |
78 |
additional interfaces for you." |
79 |
|
80 |
From: |
81 |
|
82 |
http://www.freedesktop.org/wiki/Software/systemd/journal-files/ |
83 |
|
84 |
Wow, that makes me feel all warm, fuzzy and secure as shit. I think I |
85 |
just fell asleep for a moment. (My background would make me read this, |
86 |
essentially advertising copy, as a classic example of perverse use of |
87 |
semiotics, thus raising the reading on my B.S. meter. But I digress.) |
88 |
|
89 |
The best part is the conclusion: |
90 |
|
91 |
*If you find a limitation, please ping us and we might add some |
92 |
additional interfaces for you.* |
93 |
|
94 |
Please! Ping! |
95 |
|
96 |
Second best is, "we'll of course try hard to keep this document |
97 |
up-to-date and accurate". Of course. |
98 |
|
99 |
So. If I were paranoid, or even mildly concerned, I'd take this to mean |
100 |
two things: |
101 |
|
102 |
One. There is, or could be, data that the systemd logging magic box |
103 |
doesn't give you an interface for. Unless you know what it is, then |
104 |
they might let you log it. Or you can, of course, contribute code, I'm |
105 |
sure. Though, "Note that the actual implementation in the systemd |
106 |
codebase is the only ultimately authoritative description of the |
107 |
format". |
108 |
|
109 |
Two. If I want to have a reasonable degree of surety that the code |
110 |
isn't collecting data that isn't interfaced for you in the |
111 |
journalcontrol, I'd have to delve into the codebase for systemd. Which, |
112 |
I'm sure, is a piece of cake. And, of course, I, and my security team, |
113 |
have to review the basic code on my GNU/Linux F[L]OSS machine regularly |
114 |
anyway. |
115 |
|
116 |
Oh, wait... No I don't. |
117 |
|
118 |
The beauty of the development model I trust is a diverse group of folks |
119 |
with a *variety of interests* contributing to various areas of code, in |
120 |
turn reviewed by some set of that same varied group, eventually |
121 |
committed and merged rolled tested in the wild. |
122 |
|
123 |
Or however you may see the ideal (or fantasy) of the ecosystem as we |
124 |
know, or knew it. |
125 |
|
126 |
Just the comment in this other related thread, systemd deprecating a |
127 |
straightforward encryption setup in version N, what is next? |
128 |
|
129 |
Okay, I'll go re-wire my tin hat now. Hope someone found this amusing. |
130 |
|
131 |
Cheers, |
132 |
|
133 |
- mykhyggz |