Subject: Re: pkg_delete "Executing" output
To: Todd Vierling <tv@duh.org>
From: Alistair Crooks <agc@pkgsrc.org>
List: tech-pkg
Date: 02/10/2005 16:08:00

On Thu, Feb 10, 2005 at 10:31:17AM -0500, Todd Vierling wrote:
> On Thu, 10 Feb 2005, Alistair Crooks wrote:
>
> > > > The reason for this is one of security. For almost all users, these
> > > > commands are run as the root user; the commands are taken from a file
> > > > in the filesystem hierarchy (which is not itself checksummed). From a
> > > > security POV, I want to know what commands are being run, even if you
> > > > don't want to, because files can be modified, made to point to
> > > > additional scripts, etc.
> > >
> > > I am not sure how this could be useful for security. Having numerous
> > > "rmdir" lines scroll by makes it so nobody would want to read the output
> > > in the first place and it also hides any more interesting messages.
> >
> > I don't understand your logic. Just because you are presented with a
> > lot of information, does that make the information itself useless?
>
> Yes.

No. It doesn't make the information useless at all. I understand and
accept that you think that TMI devalues the interpretation of that
information itself, but overstating your case will not help.

> There's little chance of seeing real errors in the midst of all the
> "successfully" executed commands. Much less actually important messages
> displayed by pkginstall's DEINSTALL about important system maintenance tasks
> for the admin. And exactly who is not simply going to ignore all these
> `Executing' lines as garbage?
>
> There's a reason why, if nothing notable happened, NetBSD's /etc/security
> script outputs nothing at all. I certainly don't want some other tool going
> mega-verbose on me for a decidedly *anecdotal* notion of "security".

/etc/security is completely different. Given that there is already
output from pkg_add and pkg_delete about package matching, about OS
mismatching, you now want to remove this, and make it completely
silent in operation, I take it?

> > > Anyways, we trust that the package didn't install anything malicious in
> > > the first place and we already trust the INSTALL and DEINSTALL scripts.
> >
> > That is a good argument for showing what is happening in the INSTALL
> > and DEINSTALL scripts, yes.
>
> But not by default, for goodness sake -- that will take pkg_* from just
> plain annoying (now) to completely unworkable.
>
> Please revert the verbosity change and discuss it, or just do the Right
> Thing and make it non-default and enableable via a switch. It's getting
> well beyond annoying, and I think you can see from opinion here that others
> are quite annoyed as well.

I can see raised feelings, but I'm not sure if all the objections are
down to personal ones like Curt's, or if it's such a bad change after
all. This change was made more than a month ago:

revision 1.47
date: 2005/01/06 11:59:35; author: agc; state: Exp; lines: +3 -4
Always echo the command about to be executed to standard output, not
just when the verbose flag is specified - we are, after all, normally
executing these commands as root.
Bump version to 20050106

but the objections are only starting to surface now. Is that because
no-one has installed any packages in the last month? Why the depth of
feeling *now*?

OK, to a discussion of this - if people are really against it, and don't
want the change, I'll accept it, and I'll back it out.

Discuss away, please.

Thanks,
Alistair