On Fri, March 31, 2006 2:48 pm, Atom Powers said: > It depends a lot on what you are rolling back,
Right, I agree. Some things are simple to implement, perhaps a one-line change in your configuration to 'undo' an action. But what if a simple mode change on a directory had allowed a user to write or change files there, what is the right way to 'undo' now, do you merely correct the mode, or do you remove the [possibly trojaned] file too? Does 'undo' mean completely restore the system image to what it was before the last change? What about subsequent changes that were appropriate: new mail in the spool, or logfiles? If you just eliminate them from rollback changes, you eliminate the possibility that that is where the wrong mode allowed a user to delete someone's mail or lines from a logfile. Those are just the simplest examples I can think of. Installing the wrong version of a software package can have all kinds of consequences, and forcing a re-install of the previous version could just make things worse. My point is that I believe an 'undo' function in a configuration management tool is a pipe dream, akin to time travel. Like you say, it inescapably 'depends a lot'. -Ed _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org http://cfengine.org/mailman/listinfo/help-cfengine
