Luke Kanies wrote:
I fully plan to make dangerous tools, tools that allow you to be as stupid or as smart as you like. If you're stupid, you'll break your network, and your boss will fire you; hopefully he'll be smart enough to hire someone in your place who isn't dumb enough to use tools in stupid ways.
There seems to be a misunderstanding here. Safety is not about having tools that are limited, but instead about having tools that are aware to some extent of the effects of their actions and can predict the results of changes well enough to protect their own infrastructure and avoid getting the configuration management infrastructure into irrecoverable states. If you insist upon making a tool that -- by nature -- can easily get the system into an irrecoverable state, then I don't see why people should use it. That's power without responsibility.

Not being able to blow away the management infrastructure seems a reasonable "limit". This is not to say that this limit is built in. It is instead a policy.

In fact, I have a really good example of limits made powerful. My tool "slink", described in my 1996 paper, allowed one to specify a modification policy that the tool wouldn't violate. This allowed us to collaborate for years on maintaining shared software repositories with *no* danger of corrupting system files via a misconfiguration. This saved our tails many times. The only reason we stopped using it was to move to cfengine, and in doing so, we *lost* a safety factor; we can no longer protect the system files from configuration mistakes (except through mounting them without root!).

In other words, safety is not about "making languages limited", but instead about "being able to specify policies that assure safety and limit scope of action".

--
Dr. Alva L. Couch
Associate Professor of Computer Science
Tufts University
Medford, MA 02155
http://www.cs.tufts.edu/~couch

_______________________________________________
lssconf-discuss mailing list
http://lists.inf.ed.ac.uk/mailman/listinfo/lssconf-discuss
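The idea of a modification policy that the tool will not violate, as an added example that is not part of the original message and is not slink's code or policy syntax: a hypothetical `ModificationPolicy` judges each target by its resolved location, so `..` components and a misconfigured symlink cannot carry a write into a protected tree. All names and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile

class PolicyViolation(Exception):
    """A requested change falls outside the modification policy."""

def _inside(path, root):
    return os.path.commonpath([path, root]) == root

class ModificationPolicy:
    """Hypothetical policy: trees the tool may modify and trees it must never touch."""
    def __init__(self, allowed_roots, protected_roots):
        self.allowed = [os.path.realpath(r) for r in allowed_roots]
        self.protected = [os.path.realpath(r) for r in protected_roots]
    def check(self, target):
        # Decide on the resolved location, so ".." and symlinks cannot disguise it.
        real = os.path.realpath(target)
        if any(_inside(real, r) for r in self.protected):
            raise PolicyViolation(f"{target} resolves into a protected tree: {real}")
        if not any(_inside(real, r) for r in self.allowed):
            raise PolicyViolation(f"{target} is outside every allowed tree: {real}")
        return real

def apply_link(policy, source, link_path):
    real = policy.check(link_path)  # raises before anything is modified
    os.symlink(source, real)        # act on the same path that was checked
    return real

def demo():
    base = os.path.realpath(tempfile.mkdtemp())  # constructed sandbox tree
    repo, system = os.path.join(base, "repo"), os.path.join(base, "system")
    os.makedirs(repo)
    os.makedirs(system)
    os.symlink(system, os.path.join(repo, "escape"))  # misconfigured link into system
    policy = ModificationPolicy([repo], [system])
    requests = {
        "inside_repo": os.path.join(repo, "tool"),
        "dotdot": os.path.join(repo, "..", "system", "passwd"),
        "via_symlink": os.path.join(repo, "escape", "passwd"),
        "unlisted_tree": os.path.join(base, "other", "file"),
    }
    results = {}
    for name, target in requests.items():
        try:
            apply_link(policy, "/constructed/source", target)
            results[name] = "applied"
        except PolicyViolation:
            results[name] = "refused"
    return results
```

The check and the write are separate steps, so this guards against configuration mistakes rather than against a concurrent process rearranging the tree between them.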
