On Monday 06 October 2008 21:19:50 Francois Marier wrote: > Hi Adeodato, > > > I think a debconf prompt to ask whether to enable a cron script > > is an overkill. > > I think that the debconf question is useful since it enables, in my > opinion, a useful feature that a lot of people would otherwise not bother > reading about in the documentation. > > > If you want debsums to ship a cron script, I think it should, if at all: > > > > (a) be weekly (at most), or monthly > > (b) be daily, but disabled by default from /etc/default/debsums > > I guess it comes down to the two things that debsums can warn you about: > > (1) broken package > (2) compromised package > > In the case of (1), then I agree, weekly or monthly is more reasonable (or > possibly less even). > > However in the second case, I actually want to know straight away if a > binary changes on my system. So I think that it's much more useful to do it > every day in that case. > > Now I would expect that people concerned with (1) would not run the cronjob > and people concerned with (2) would want to run it every day.
In case of 2, the intruder is more than normal stupid if he gets caught by this. To quote the debconf templates: " This may be useful for checking system integrity later, though it " "should not be relied on as a security measure." "This security check takes some time to run but is highly recommended." Why is it *highly recommended* to *daily* do a security check that *should not be relied on as a security measure* Please. Get a grip on reality and 1) Don't ask this in debconf 2) don't enable such cron run by default Thanks in advance /Sune -- I cannot insert a forward from ICQ, how does it work? You should reset the mousepad.
signature.asc
Description: This is a digitally signed message part.
