On Sat, Dec 21, 2013 at 01:39:59PM -0800, Steve Kargl wrote: > On Sat, Dec 21, 2013 at 01:24:55PM -0800, Darren Pilgrim wrote: > > On 12/21/2013 1:05 PM, Steve Kargl wrote: > > > On Sat, Dec 21, 2013 at 02:54:39PM -0600, Greg Rivers wrote: > > >> On Sat, 21 Dec 2013, Steve Kargl wrote: > > >> > > >>> It did not ask how to stop this stupidity. I asked to have this > > >>> stupidity stopped by default. The spewing of this information in > > >>> /var/log/messages provides NOTHING. Please turn it off by default. > > >>> > > >> > > >> Do you really feel that strongly about it? Having a record of changes to > > >> the system has always seemed like a feature to me... > > >> > > > > > > Yes, I do feel strongly about it. It is completely unnecesary noise. > > > It should be off by default. If someone wants to fill /var up with > > > useless information, then that someone can turn on the noise. > > > > It's about what's safe in the common case. There are significant > > security risks inherent in pkg's activities, so having a written > > external record is the safe option. > > > > I don't buy the "fill up /var" argument. If your /var is so small that > > pkg's logging risks filling it up, why are you not logging to an > > external syslog server? There are much more voluminous sources of logs > > on a FreeBSD system. > > It has nothing to do with the size of /var, really. It is completely > useless information. You want to know what package are installed, use > 'pkg info'. Packages do not spontaneously install themselves. If > your system is so insecure that you are worried that some unpriveleged > user installed a package, you have bigger problems. > > -- > steve > > > -- > Steve > _______________________________________________ > firstname.lastname@example.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
this has been done and activated for reason, first for lot of companies, it is important (PCI DSS requirement for example), secondly I receive tons of request to actiavte on by default while you are the first to request it off by default Bapt
Description: PGP signature