On Thu, Dec 26, 2013 at 10:16:44PM +1100, Peter Jeremy wrote:
> On 2013-Dec-22 11:53:17 -0800, Darren Pilgrim <list_free...@bluerosetech.com> 
> wrote:
> >Because of that deinstall log.  When you use `pkg install` to upgrade a 
> >port, you get something like this:
> >
> >Jul 10 23:06:40 chombo pkg-static: ca_root_nss-3.15.1 installed
> >Nov 29 15:04:52 chombo pkg: ca_root_nss reinstalled: 3.15.2_1
> >
> >That information does not exist in the pkg database.
> I agree that's a serious bug/regression in the pkg database: With the
> old pkg system, I could tell when a port was installed by looking at
> the timestamps on the +COMMENT file.  The install time is needed to
> answer questions like "does this entry in UPDATING affect me" (ie have
> I rebuilt the port since the entry date).  It's something I used
> regularly and its absence is a PITA.

You can still query from the package database about the installation time.

With the ancient system you had no way to determine if something was reinstalled
You add no way to determine if it was an upgrade 
You add no way to fihure out what something was removed.

> I shouldn't need to rummage through /var/log/messages - and in any case,
> by default FreeBSD only keeps 500K of messages history (about a month
> in my case) so the information has probably rotated into the bit bucket.
> I agree that having a pkg audit trail would be useful.  Unfortunately,
> what we have today is not an audit trail and isn't especially useful.

it is an audit trail, it is very useful in lots of cases as I spotted before,
and it is also mandatory for some security certification in that form precisely.

You want other cases, here is 2 others very very usual cases?
Determine what has been done when managing a farm of servers with
puppet,cfengine,salt,anssible and friens.
Determine what has been done when you have multiple admins on your servers


Attachment: pgpKZRI3knk4r.pgp
Description: PGP signature

Reply via email to