On Fri, Jul 11, 2003 at 01:01:12PM +0200, Thomas Gebhardt wrote: > Hi, > > > > what about server unification, how was this solved? > > > > It is not. Unfortunatly. > > Wouldn't it suffice to scan all files in /usr and its > subdirectories (on the vservers) looking for file > attributes and md5sum, "unifying" all the files that > are identical?
hmm, let me explain how rpm based distros use unification: - the rpm 'spec' file has a list of files which are to be included in the resulting rpm, roughly categorizing their funtion, (binary, man page, config file, etc) - this makes it easy to separate for example log files from config files from shared libraries and binary executables ... why not unify all 'equal' files (md5 hash e.g.)? consider two newly created vservers, with lots of config/log/temp files in it. they would have the same md5 sum, but will after the first start of each vserver start to divergate, which would not be possible if they where unified in the first place ... > > > what about security updates in regard of unification? > > > any comments/infos are welcome ... > > > That is really not a easy thing to fix. All help is appriciated of course. > > What's the problem here? After a security update on one/several/all > vservers the different vservers will diverge. If one has a mechanism > for "unifying" different vservers, one could rescan and reunify > the vervsers. Of course, it would be more elegant just to rescan > the files of the packages that are involved in the update. best, Herbert > Cheers, Thomas >
