Re: Versioned Conffiles was Re: Contrasting BSIGN and TRIPWIRE
On Mon, Dec 14, 1998 at 10:04:02AM -0500, Ben Collins wrote:
> On Mon, Dec 14, 1998 at 08:07:59AM +0000, John Lines wrote:
> > Oscar Levi wrote:
> > > My next project is to implement version control for system
> > > configuration files. This can integrate with bsign, too, in that the
> > > administrator can sign (bless) the edited config files as part of the
> > > standard process. If someone is really paranoid, he can use a
> > > smartcard for signature generation and/or a NFS mount of the system
> > > being adminstered to isolate encryption from a vulnerable system.
> > >
> > I would like to see RCS support for system configuration files - something like:
> > If when the user says they would like to install a new conffile from the
> > package, then
> > If there is an RCS directory for the conffile then check in the old version,
> > and check in the new Debian version, giving it a suitable label (saying which
> > package version it came from etc.
> > This could supplement (where RCS was available) the various different systems
> > which keep multiple old conf files (such as the rotated apache conf files
> > system - which I really like BTW)
> cfengine to a great degree supports this (since it uses cvs) it is not
> supported by dpkg tho.
I'll look into cfengine. My observation in the past is that admintool
authors are trying to replace the config files with a UI. I don't
want to do that in the first step. I'm much more interested in
remote, centralized administration of a network of hosts.
> ----- -- - -------- --------- ---- ------- ----- - - --- --------
> Ben Collins <firstname.lastname@example.org> Debian GNU/Linux
> UnixGroup Admin - Jordan Systems Inc. email@example.com
> ------ -- ----- - - ------- ------- -- The Choice of the GNU Generation