Date:      Sat, 21 Dec 2013 13:39:59 -0800
From:      Steve Kargl <sgk@troutmask.apl.washington.edu>
To:        Darren Pilgrim <list_freebsd@bluerosetech.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: PACKAGESITE spam
Message-ID:  <20131221213959.GA61238@troutmask.apl.washington.edu>
In-Reply-To: <52B60727.8090001@bluerosetech.com>
References:  <52B5DF8C.5050204@gmx.com> <20131221200538.GA60827@troutmask.apl.washington.edu> <20131221201026.GB1730@glenbarber.us> <20131221201403.GB60827@troutmask.apl.washington.edu> <alpine.BSF.2.00.1312211450130.5630@badger.tharned.org> <20131221210553.GA61158@troutmask.apl.washington.edu> <52B60727.8090001@bluerosetech.com>

On Sat, Dec 21, 2013 at 01:24:55PM -0800, Darren Pilgrim wrote:
> On 12/21/2013 1:05 PM, Steve Kargl wrote:
> > On Sat, Dec 21, 2013 at 02:54:39PM -0600, Greg Rivers wrote:
> >> On Sat, 21 Dec 2013, Steve Kargl wrote:
> >>
> >>> I did not ask how to stop this stupidity.  I asked to have this
> >>> stupidity stopped by default.  The spewing of this information in
> >>> /var/log/messages provides NOTHING.  Please turn it off by default.
> >>>
> >>
> >> Do you really feel that strongly about it?  Having a record of changes to
> >> the system has always seemed like a feature to me...
> >>
> >
> > Yes, I do feel strongly about it.  It is completely unnecessary noise.
> > It should be off by default.  If someone wants to fill /var up with
> > useless information, then that someone can turn on the noise.
> 
> It's about what's safe in the common case.  There are significant 
> security risks inherent in pkg's activities, so having a written 
> external record is the safe option.
> 
> I don't buy the "fill up /var" argument.  If your /var is so small that 
> pkg's logging risks filling it up, why are you not logging to an 
> external syslog server?  There are much more voluminous sources of logs 
> on a FreeBSD system.

It has nothing to do with the size of /var, really.  It is completely
useless information.  You want to know what packages are installed, use
'pkg info'.  Packages do not spontaneously install themselves.  If
your system is so insecure that you are worried that some unprivileged
user installed a package, you have bigger problems.

-- 
steve


-- 
Steve


