Re: Versioned Conffiles was Re: Contrasting BSIGN and TRIPWIRE
On Mon, Dec 14, 1998 at 08:07:59AM +0000, John Lines wrote:
> Oscar Levi wrote:
>
>
> > My next project is to implement version control for system
> > configuration files. This can integrate with bsign, too, in that the
> > administrator can sign (bless) the edited config files as part of the
> > standard process. If someone is really paranoid, he can use a
> > smartcard for signature generation and/or a NFS mount of the system
> > being adminstered to isolate encryption from a vulnerable system.
> >
>
> I would like to see RCS support for system configuration files - something like:
>
> If when the user says they would like to install a new conffile from the
> package, then
> If there is an RCS directory for the conffile then check in the old version,
> and check in the new Debian version, giving it a suitable label (saying which
> package version it came from etc.
>
> This could supplement (where RCS was available) the various different systems
> which keep multiple old conf files (such as the rotated apache conf files
> system - which I really like BTW)
cfengine to a great degree supports this (since it uses cvs) it is not
supported by dpkg tho.
--
----- -- - -------- --------- ---- ------- ----- - - --- --------
Ben Collins <b.m.collins@larc.nasa.gov> Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc. bcollins@debian.org
------ -- ----- - - ------- ------- -- The Choice of the GNU Generation
Reply to: