Andrew Brown <atatat@atatdot.net> wrote on Sat, 22 Feb 2003
at 00:15:10 -0500 in <20030222001510.A2752@noc.untraceable.net>:


> >The existing behavior benefits no one.
> >There's no advantage in continuing the empty reports.
> 
> sure there is.  when i get an empty report, i know nothing was wrong.
> when i get no report, i don't know if it got lost or not.

The daily report (/etc/daily) indicates that a report is
suppressed. You know if you care to know (and look).

> >We should move to a reasonable default that is good for everyone.
> >The time to make that transition is when the change is implemented.
> 
> you presuppose that you know what is good for everyone.  i take
> delight in getting empty security reports.  not getting them would
> disrupt things.

I have some faith in my ability to make judgements.
You are free to disagree with my judgement, of course, but
it would be rather hypocritical to assert that your judgement was
arbitrarily superior ;-)


In this case, I think it's clear that the majority of our users are
not pleased to receive a zero-length email message on a daily basis.

The entire VALUE of the daily security report is that it calls
attention to problems; appearance of a security report should be
_rare_, it should not be a regular, easy-to-ignore, thing. As such, we
should do everything in our power to make it easy to suppress spurious
portions of the report (see earlier commits from me this month), as
well as to suppress extraneous reports (this commit), as long as it
does not sacrifice security. (Anyone who thinks seeing an empty email
message "adds to security" is deluding themselves).

I don't think you will find widespread support for a preference
of empty security reports. But by all means, please attempt to
demonstrate it...

--jhawk