Re: pkgsrc-dashboard - a cgi for reporting on many pkgsrc machines

[matthew sporleder <msporleder%gmail.com@localhost>]

On Sun, Apr 12, 2009 at 10:50 PM, Steven M. Bellovin
<smb%cs.columbia.edu@localhost> wrote:
> On Sun, 12 Apr 2009 21:36:58 -0400
> matthew sporleder <msporleder%gmail.com@localhost> wrote:
>
>> Hey, guys.  I have a little project I whipped up for centralizing a
>> place to get reports on the freshness and vulnerabilities of pkgsrc
>> clients in a network.  Basically, each client can send in their list
>> of packages and the server will record it, check if it's out of date
>> (newer source or binary available), and check if it's vulnerable.  I
>> haven't done a ton of testing, but it's functionally complete and
>> working on NetBSD boxes with current-ish pkg_* tools.  Check it out
>> and let me know what you think:
>>
>> http://code.google.com/p/pkgsrc-dashboard/
>>
> This sounds like a great idea!  From the description on that web site,
> I'd make one important change: it should be possible to get the client
> data either by server pull or by client push.  The reason is that some
> client systems, especially laptops, are not accessible for server pull,
> at least via ssh.  They may be at a customer site behind a firewall, in
> a hotel or residence behind a NAT, or may simply have a dynamic IP
> address.
>


The architecture is:

client -- HTTP --> server.  I wanted to avoid ssh/pull initially
because of the reasons you state above.  In the future I would like to
see it work both ways (you never know how the firewall is setup), but
I targeted http outbound because it's usually the most open.

Thanks for the encouragement,
Matt