On 25.06.2005, at 18:48, Andy Bakun wrote:

> On Sat, 2005-06-25 at 01:50, Denis Solovyov wrote:
>
>> No any problems. Just want to control all config files by myself, not by
>> updater. After linux installation admin usually inspects all config
>> files in /etc and if they are suitable he leaves them unmodified.
>> Unmodified config means proper config.
I would like to add to Andy's post that this is completely not in the security way, since lots of the defaults (if the complete config is configured out) are often compile-time options; they could change often, especially if something changes in the code base. And WHAT service is actually running on a default config and shouldn't be changed????

I don't like "self" changing config files either, but on the other hand I like services where I put my config in additionally, and everything default is compiled in (e.g. postfix), so if something is changed by Wietse Venema, or the package maintainer, it applies to my config as well, if I don't override it in my personal (very few config) lines. Even SSH could be changed by the maintainer by compile-time options even if you keep your old config!! So what is the point in keeping an outdated config??

You mentioned ntp.conf; what is the point in running it if you have no time server in your config?? As soon as there is a time server in there, your config won't be changed.

Maybe we'll find a reason why it wouldn't be good in your case to update default config files with the new version, but in 99% of all cases I can think of it is better to have the default config in sync with the binary and its options, not having a legacy one.

So Denis, please provide more examples.

best
matthias

_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
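An added example, not part of the original message or of any package's code: it contrasts a sparse override file layered on compiled-in defaults with a full copy of the old defaults kept across an upgrade, and flags the entries in the copy that only pin a superseded default. The parameter names and values are constructed and do not belong to any real daemon.

```python
def parse_conf(text):
    """Parse 'key = value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def effective(defaults, local):
    """Settings the daemon runs with: built-in defaults, then local overrides."""
    merged = dict(defaults)
    merged.update(local)
    return merged


def stale_settings(local, old_defaults, new_defaults):
    """Local entries that only repeat an old default the new build has changed.

    Returns {name: (pinned_value, new_default)}.
    """
    return {
        name: (value, new_defaults[name])
        for name, value in local.items()
        if name in new_defaults
        and old_defaults.get(name) == value
        and new_defaults[name] != value
    }


# Constructed sample data: defaults of the old and the new build.
OLD_DEFAULTS = parse_conf("""
protocol_versions = 1,2
login_grace_seconds = 600
hostname = localhost
""")
NEW_DEFAULTS = parse_conf("""
protocol_versions = 2
login_grace_seconds = 120
hostname = localhost
""")
# Sparse file: only what the admin actually decided.
SPARSE_LOCAL = parse_conf("hostname = mail.example.org")
# Full file: the old defaults copied at install time, plus the same decision.
FULL_LOCAL = dict(OLD_DEFAULTS, hostname="mail.example.org")

if __name__ == "__main__":
    print("sparse:", effective(NEW_DEFAULTS, SPARSE_LOCAL))
    print("full  :", effective(NEW_DEFAULTS, FULL_LOCAL))
    print("stale :", stale_settings(FULL_LOCAL, OLD_DEFAULTS, NEW_DEFAULTS))
```
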
