On Thu, Dec 26, 2013 at 10:16:44PM +1100, Peter Jeremy wrote:
> On 2013-Dec-22 11:53:17 -0800, Darren Pilgrim <list_free...@bluerosetech.com> wrote:
> >Because of that deinstall log. When you use `pkg install` to upgrade a
> >port, you get something like this:
> >
> >Jul 10 23:06:40 chombo pkg-static: ca_root_nss-3.15.1 installed
> >Nov 29 15:04:52 chombo pkg: ca_root_nss reinstalled: 3.15.2_1
> >
> >That information does not exist in the pkg database.
>
> I agree that's a serious bug/regression in the pkg database: With the
> old pkg system, I could tell when a port was installed by looking at
> the timestamps on the +COMMENT file. The install time is needed to
> answer questions like "does this entry in UPDATING affect me" (ie have
> I rebuilt the port since the entry date). It's something I used
> regularly and its absence is a PITA.

You can still query from the package database about the installation time.
With the ancient system you had no way to determine if something was reinstalled.
You had no way to determine if it was an upgrade.
You had no way to figure out what something was removed.

>
> I shouldn't need to rummage through /var/log/messages - and in any case,
> by default FreeBSD only keeps 500K of messages history (about a month
> in my case) so the information has probably rotated into the bit bucket.
>
> I agree that having a pkg audit trail would be useful. Unfortunately,
> what we have today is not an audit trail and isn't especially useful.

It is an audit trail, it is very useful in lots of cases as I spotted before,
and it is also mandatory for some security certification in that form precisely.

You want other cases, here are 2 other very, very usual cases:
Determine what has been done when managing a farm of servers with puppet,
cfengine, salt, ansible and friends.
Determine what has been done when you have multiple admins on your servers.

regards,
Bapt