Nicolas Williams wrote:
> On Thu, Aug 07, 2008 at 08:18:04AM -0400, James Carlson wrote:
>   
>> If "for human eyes only" is the goal, then you can already do what
>> this project proposes, but with security, by "ssh hostname kstat".  If
>> you really don't care about security, enable rsh and use that.  :-/
>>     
>
> Er, using rsh means caring a lots less about security than what this
> project proposes!
>
>   
>> It is indeed "simple" -- I'll grant the submitter that it's obviously
>> the simplest way to implement such a mechanism -- but it's
>> architecturally suspicious on the grounds that it's building atop an
>> interface in a way that the designers of that interface didn't
>> anticipate.  It's analogous to scraping messages out of syslog files.
>>     
>
> I think Erik will need to version the RPC protocol everytime that the
> internal structures of libkstat change.  I doubt we'll see high rates of
> new versions of those structures.
>   

Agreed.

 From my perspective:

1) If this project continues, the project should be converted to use the 
RPC GSS security mechanism, as Darren has requested.

2) The protocol needs to be versioned in case kstat structures change -- 
I don't expect this to happen often either.

3) However, the whole project itself is IMO dubious, since the *data* 
itself is not stable, and can't be relied upon.  I still am requesting 
that the project more fully elucidate what stats they are planning on 
using (and how they will be used) with this so we can more fully examine 
the "complete" architecture motivating this proposal.  My gut feeling is 
that if SNMP or rstat are somehow insufficient, then we should correct 
those problems at the root, rather than creating this new API.

    -- Garrett


Reply via email to