On Tue, 03 Nov 2015 16:18:07 +0100 Didier Kryn <[email protected]> wrote:
> Le 02/11/2015 15:53, Rainer Weikusat a écrit : > > Didier Kryn <[email protected]> writes: > > > > [...] > > > >> Reporting readyness is admin-friendly, but this can be done > >> trivially, in the s6 fashion; it does not take a library to do. > > https://en.wikipedia.org/wiki/Time_of_check_to_time_of_use > > https://cwe.mitre.org/data/definitions/367.html > > https://isecpartners.github.io/news/research/2015/03/03/recognizing_preventing_toctou.html > > > > [and no end of other links] > > > > The problem can't be solved other than by processes which need to > > talk to other processes implementing a strategy for coping with > > transient outages. > > > Rainer, > > I agree with you, and it was the first point in my mail, that > the servers should be able to cope with outages. However let's not be > extremists. The requirement should be put on widely used professional > servers, but I think there should remain the possibility to start > quick private hacks in a dependency-based fashion. In most cases this > is going to work, because Time_of_check_to_time_of_use issues do not > arise all the time. In this last case, signalling readyness is easily > done by writing a newline to standard output - no need for a library. > > Didier There's an init system called s6-rc that just came out or is just coming out. From what I understand, it starts stuff sequentially or in parallel, with very sophisticated process dependency checking available, and I think it has an extremely simple way for processes to communicate readiness. With any luck, about the time that Devuan is stable, widely used, and ready to move on from sysvinit, s6-rc will be ready to carry the load. SteveT Steve Litt November 2015 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
