Bart Smaalders wrote:
> Garrett D'Amore wrote:
>
>
> Simply stopping the addition of open source software to Solaris
> in order to meet auditing requirements for /etc files (which we
> don't meet anyway w/ the stuff we've shipped for years) seems
> ludicrous.
I don't think you understand what "derailing" means. It means that the
case gets a regular review, because it failed the "obviousness" test
required for a fast track.
It does *not* mean that you can't ship the software. Please don't
assume that derailing is an automatic failure.
That said, it may be that just a few too many FOSS projects have come
our way indicating that because the architecture is good enough for
Linux, it ought to be good enough for us.
While for any given project this may or may not be true, if we're going
to abdicate all of our engineering elsewhere, then we ought to just
close up shop and stop trying to pretend that we are exercising even a
little control over the whole system, or have any kind of high level
architectural vision beyond "copy Linux".
FWIW, I don't disagree that we have a half-baked solution for auditing
administration. Far far too many configuration files are used where an
administrative tool would provide audit (and RBAC!) support.
Yes, there are lots of clever solutions around this problem...
Anyway, I don't make the rules. If you want to appeal the policy,
that's fine, just don't expect to be able to do so in the context of a
fast-track.
-- Garrett
