On Thu, 10 Feb 2005, Alistair Crooks wrote:

> > > The reason for this is one of security.  For almost all users, these
> > > commands are run as the root user; the commands are taken from a file
> > > in the filesystem hierarchy (which is not itself checksummed).  From a
> > > security POV, I want to know what commands are being run, even if you
> > > don't want to, because files can be modified, made to point to
> > > additional scripts, etc.
> >
> > I am not sure how this could be useful for security. Having numerous
> > "rmdir" lines scroll by makes it so nobody would want to read the output
> > in the first place and it also hides any more interesting messages.
>
> I don't understand your logic.  Just because you are presented with a
> lot of information, does that make the information itself useless?

Yes.

There's little chance of seeing real errors in the midst of all the
"successfully" executed commands.  Much less actually important messages
displayed by pkginstall's DEINSTALL about important system maintenance tasks
for the admin.  And exactly who is not simply going to ignore all these
`Executing' lines as garbage?

There's a reason why, if nothing notable happened, NetBSD's /etc/security
script outputs nothing at all.  I certainly don't want some other tool going
mega-verbose on me for a decidedly *anecdotal* notion of "security".

> > Anyways, we trust that the package didn't install anything malicious in
> > the first place and we already trust the INSTALL and DEINSTALL scripts.
>
> That is a good argument for showing what is happening in the INSTALL
> and DEINSTALL scripts, yes.

But not by default, for goodness sake -- that will take pkg_* from just
plain annoying (now) to completely unworkable.

Please revert the verbosity change and discuss it, or just do the Right
Thing and make it non-default and enableable via a switch.  It's getting
well beyond annoying, and I think you can see from opinion here that others
are quite annoyed as well.

-- 
-- Todd Vierling <tv@duh.org> <tv@pobox.com>