Subject: Re: insecurity out showing unimportant changes
To: Chris Ross <email@example.com>
From: Denis Lagno <firstname.lastname@example.org>
Date: 09/18/2004 01:09:07
> Has anyone thought about ignoring comments, or at least
> specific expected comment changes (like resolv.conf when
> dhclient is being used)? Anyone else agree that this would
> be a good idea?
IMHO, it is not very nice idea.
First, there are places where comments are important for other tools.
For instance, comments in /etc/rc.d/* are parsed by rcorder.
Second, it just will be weird and confusing to see mangled diffs.
Diffs should be straightforward.
However you can set
diff_options=-u -I '^# Created by dhclient.*'
diff_options=-u -I '^#.*'
in your /etc/security.conf