Subject: Re: pkg_delete "Executing" output
To: Todd Vierling <tv@duh.org>
From: Alistair Crooks <agc@pkgsrc.org>
List: tech-pkg
Date: 02/10/2005 16:08:00

On Thu, Feb 10, 2005 at 10:31:17AM -0500, Todd Vierling wrote:
> On Thu, 10 Feb 2005, Alistair Crooks wrote:
> 
> > > > The reason for this is one of security.  For almost all users, these
> > > > commands are run as the root user; the commands are taken from a file
> > > > in the filesystem hierarchy (which is not itself checksummed).  From a
> > > > security POV, I want to know what commands are being run, even if you
> > > > don't want to, because files can be modified, made to point to
> > > > additional scripts, etc.
> > >
> > > I am not sure how this could be useful for security. Having numerous
> > > "rmdir" lines scroll by makes it so nobody would want to read the output
> > > in the first place and it also hides any more interesting messages.
> >
> > I don't understand your logic.  Just because you are presented with a
> > lot of information, does that make the information itself useless?
> 
> Yes.

No.  It doesn't make the information useless at all.  I understand and
accept that you think that TMI devalues the interpretation of that
information itself, but overstating your case will not help.
 
> There's little chance of seeing real errors in the midst of all the
> "successfully" executed commands.  Much less actually important messages
> displayed by pkginstall's DEINSTALL about important system maintenance tasks
> for the admin.  And exactly who is not simply going to ignore all these
> `Executing' lines as garbage?
>
> There's a reason why, if nothing notable happened, NetBSD's /etc/security
> script outputs nothing at all.  I certainly don't want some other tool going
> mega-verbose on me for a decidedly *anecdotal* notion of "security".

/etc/security is completely different.  Given that there is already
output from pkg_add and pkg_delete about package matching, about OS
mismatching, you now want to remove this, and make it completely
silent in operation, I take it?
 
> > > Anyways, we trust that the package didn't install anything malicious in
> > > the first place and we already trust the INSTALL and DEINSTALL scripts.
> >
> > That is a good argument for showing what is happening in the INSTALL
> > and DEINSTALL scripts, yes.
> 
> But not by default, for goodness sake -- that will take pkg_* from just
> plain annoying (now) to completely unworkable.
> 
> Please revert the verbosity change and discuss it, or just do the Right
> Thing and make it non-default and enableable via a switch.  It's getting
> well beyond annoying, and I think you can see from opinion here that others
> are quite annoyed as well.

I can see raised feelings, but I'm not sure if all the objections are
down to personal ones like Curt's, or if it's such a bad change after
all.  This change was made more than a month ago:

	revision 1.47
	date: 2005/01/06 11:59:35;  author: agc;  state: Exp;  lines: +3 -4
	Always echo the command about to be executed to standard output, not
	just when the verbose flag is specified - we are, after all, normally
	executing these commands as root.

	Bump version to 20050106

but the objections are only starting to surface now.  Is that because
no-one has installed any packages in the last month? Why the depth of
feeling *now*?

OK, to a discussion of this - if people are really against it, and don't
want the change, I'll accept it, and I'll back it out.

Discuss away, please.

Thanks,
Alistair
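
The following is an added example, not part of the original message and not pkg_install code. The thread weighs commands read from an unchecksummed file and run as root against output dominated by rmdir lines; this sketch reviews those commands before a package is removed, separating plain directory removals from everything else. It assumes the pkg_install packing-list convention of `@unexec` lines with `%D` standing for the install prefix; the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes a pkg_install-style packing list in which
# "@unexec <command>" lines are run at deinstall and %D is the prefix.

# classify_unexec FILE: tag each @unexec command as ROUTINE (a plain rmdir
# of one path below %D) or REVIEW (anything else).
classify_unexec() {
    awk '
    /^@unexec[ \t]+/ {
        cmd = $0
        sub(/^@unexec[ \t]+/, "", cmd)
        routine = (cmd ~ /^(\/bin\/)?rmdir (-p )?%D\/[A-Za-z0-9._\/+-]+( 2>\/dev\/null)?( \|\| (\/usr\/bin\/)?true)?$/)
        if (cmd ~ /\.\./) routine = 0   # path climbs out of the prefix
        tag = routine ? "ROUTINE" : "REVIEW"
        print tag, cmd
    }' "$1"
}

# count_review FILE: number of commands that need a human look.
count_review() {
    classify_unexec "$1" | awk '/^REVIEW / { n++ } END { print n + 0 }'
}

# write_sample FILE: constructed packing list, not from a real package.
write_sample() {
    cat > "$1" <<'EOF'
@name example-1.0
@cwd /usr/pkg
bin/example
@unexec rmdir %D/share/example 2>/dev/null || true
@unexec /bin/rmdir %D/share/doc/example
@unexec rmdir %D/../../etc/example
@unexec sh %D/libexec/example/cleanup.sh
@unexec rmdir %D/share/x; sh %D/libexec/example/extra.sh
EOF
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
write_sample "$sample"
classify_unexec "$sample"
echo "commands needing review: $(count_review "$sample")"
```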