| 1 |
On Thu, 20 Feb 2014 15:38:46 -0600 |
| 2 |
Canek Peláez Valdés <caneko@×××××.com> wrote: |
| 3 |
|
| 4 |
> On Thu, Feb 20, 2014 at 3:22 PM, Tanstaafl |
| 5 |
> <tanstaafl@×××××××××××.org> wrote: |
| 6 |
> > On 2014-02-20 4:04 PM, Canek Peláez Valdés <caneko@×××××.com> wrote: |
| 7 |
> >>> |
| 8 |
> >>> No, actually, I think whatever is defined as the current default |
| 9 |
> >>> should dictate which group should be required to do the work. |
| 10 |
> > |
| 11 |
> > |
| 12 |
> >> I think this is where we think differently (regarding this |
| 13 |
> >> particular point). The work must be done by *whomever* wants to do |
| 14 |
> >> the job. So if the systemd people want to do a profile that's fine |
| 15 |
> >> (and this already happened); but if they don't want to, nobody can |
| 16 |
> >> force them to do it (this is academic right now, since they |
| 17 |
> >> already did the [pretty trivial] work). |
| 18 |
> >> |
| 19 |
> >> If the systemd people did not wanted to do the job, then, since you |
| 20 |
> >> can't force them, the people *not* wanting systemd would be the |
| 21 |
> >> ones required to do it. And that makes absolutely no sense. |
| 22 |
> > |
| 23 |
> > |
| 24 |
> > I think we agree, but you keep saying we don't... ;) |
| 25 |
> > |
| 26 |
> > The difference is, since OpenRC is the default, all of the existing |
| 27 |
> > profiles are, by definition, OpenRC based profiles. So, people who |
| 28 |
> > don't want systemd simply have to do... nothing! |
| 29 |
> |
| 30 |
> OK, I see your point. |
| 31 |
> |
| 32 |
> > As I said before, it is people who want systemd who currently have |
| 33 |
> > to 'do something', and that is as it should be, unless/until the |
| 34 |
> > default of OpenRC is changed to systemd. |
| 35 |
> |
| 36 |
> Agreed. |
| 37 |
> |
| 38 |
> Regards. |
| 39 |
|
| 40 |
Been following along, jumping in late. |
| 41 |
|
| 42 |
That does settle the issue with regard to Gentoo 'defaults' for now. As |
| 43 |
I see it, if you are a desktop [l]user, then go ahead and use a quick |
| 44 |
systemd default. It's good enough. And Gnome folks, from what I |
| 45 |
understood, didn't have an easy opt-out choice, really. At least not |
| 46 |
easy enough for me to grok right away. |
| 47 |
|
| 48 |
Anyway, some arguments on the other branches of this thread got me |
| 49 |
thinking. Take the binary log files. This seems to be something we all |
| 50 |
understand to some extent (as compared to init systems, say), whether |
| 51 |
a tinkerer or enterprise user. There's now something corporate sitting |
| 52 |
between me and the evil crap coming out of my daemons. |
| 53 |
|
| 54 |
Who logs the loggers? |
| 55 |
|
| 56 |
My thought was, well, say if someone else, some other, unrelated team |
| 57 |
entirely, was maintaining a codebase for handling that logging data, |
| 58 |
that's a way out of the monoculture of systemd that would give some |
| 59 |
peace of mind. If they, as also smart, talented coders began to |
| 60 |
disagree, they might have capacity to keep the project in bounds. |
| 61 |
|
| 62 |
So, for the hell of it, I just went to have a look at what the deal |
| 63 |
might be with that binary data that hangs around and dumps to disk, |
| 64 |
maybe, in one format or another. |
| 65 |
|
| 66 |
"This document explains the basic structure of the file format on disk. |
| 67 |
We are making this available primarily to allow review and provide |
| 68 |
documentation. Note that the actual implementation in the systemd |
| 69 |
codebase is the only ultimately authoritative description of the |
| 70 |
format, so if this document and the code disagree, the code is right. |
| 71 |
That said we'll of course try hard to keep this document up-to-date and |
| 72 |
accurate. |
| 73 |
|
| 74 |
Instead of implementing your own reader or writer for journal files we |
| 75 |
ask you to use the Journal's native C API to access these files. It |
| 76 |
provides you with full access to the files, and will not withhold any |
| 77 |
data. If you find a limitation, please ping us and we might add some |
| 78 |
additional interfaces for you." |
| 79 |
|
| 80 |
From: |
| 81 |
|
| 82 |
http://www.freedesktop.org/wiki/Software/systemd/journal-files/ |
| 83 |
|
| 84 |
Wow, that makes me feel all warm, fuzzy and secure as shit. I think I |
| 85 |
just fell asleep for a moment. (My background would make me read this, |
| 86 |
essentially advertising copy, as a classic example of perverse use of |
| 87 |
semiotics, thus raising the reading on my B.S. meter. But I digress.) |
| 88 |
|
| 89 |
The best part is the conclusion: |
| 90 |
|
| 91 |
*If you find a limitation, please ping us and we might add some |
| 92 |
additional interfaces for you.* |
| 93 |
|
| 94 |
Please! Ping! |
| 95 |
|
| 96 |
Second best is, "we'll of course try hard to keep this document |
| 97 |
up-to-date and accurate". Of course. |
| 98 |
|
| 99 |
So. If I were paranoid, or even mildly concerned, I'd take this to mean |
| 100 |
two things: |
| 101 |
|
| 102 |
One. There is, or could be, data that the systemd logging magic box |
| 103 |
doesn't give you an interface for. Unless you know what it is, then |
| 104 |
they might let you log it. Or you can, of course, contribute code, I'm |
| 105 |
sure. Though, "Note that the actual implementation in the systemd |
| 106 |
codebase is the only ultimately authoritative description of the |
| 107 |
format". |
| 108 |
|
| 109 |
Two. If I want to have a reasonable degree of surety that the code |
| 110 |
isn't collecting data that isn't interfaced for you in the |
| 111 |
journalcontrol, I'd have to delve into the codebase for systemd. Which, |
| 112 |
I'm sure, is a piece of cake. And, of course, I, and my security team, |
| 113 |
have to review the basic code on my GNU/Linux F[L]OSS machine regularly |
| 114 |
anyway. |
| 115 |
|
| 116 |
Oh, wait... No I don't. |
| 117 |
|
| 118 |
The beauty of the development model I trust is a diverse group of folks |
| 119 |
with a *variety of interests* contributing to various areas of code, in |
| 120 |
turn reviewed by some set of that same varied group, eventually |
| 121 |
committed and merged rolled tested in the wild. |
| 122 |
|
| 123 |
Or however you may see the ideal (or fantasy) of the ecosystem as we |
| 124 |
know, or knew it. |
| 125 |
|
| 126 |
Just the comment in this other related thread, systemd deprecating a |
| 127 |
straightforward encryption setup in version N, what is next? |
| 128 |
|
| 129 |
Okay, I'll go re-wire my tin hat now. Hope someone found this amusing. |
| 130 |
|
| 131 |
Cheers, |
| 132 |
|
| 133 |
- mykhyggz |
Archives