On 26/12/11 18:15, Anders Johansson wrote:
Besides which, the whole notion of tamper proof logs
is silly from the start -
there is just no such thing. If I achieve root on a system, I have access to
every single key used to cryptographically sign anything (no, there can't be
passwords for autonomous daemons, at best the password has to be typed in on
boot, but after that the key will be available in RAM for root to read).
And with the keys, I can generate any log you care to examine, and you won't
be able to tell the difference.
There is no PK in journald, the tamper resistant part is inspired in
something very similar to git.
Sure, you can get around it, by limiting what root can
do, or logging to
another system, or to hardware unchangeable output such as a printer, but then
you can do that with any logging system.
Besides besides which, a new kind of logging system is hardly a valid argument
in favour of ripping out the entire core infrastructure of the system.
And what would be ripped exaclty ? you can still use syslog...
I still propose that we drop systemd completely
That's sums up all arguments I have heard agaisnt systemd "I do not like
it", "it much work", etc..googling sadly reveals zero reasonable
technical arguments against it, all you see falls into the following
categories (and I googled a lot. before jumping into this ship)
- Appeals to tradition --> we do things this way and works.
- ad hominems --> Lennart is an ass, blabla..
- ad portability --> it is not portable therefore sucks, that the most
utter bullshit frecuently heard from the BSD crowd.
Portability in reality means "A whole bunch of code and ugly hacks to
make it work in your obscure system" (just take a look at openssl in
- People that claim cgroups are ugly/broken, wrong choir !! that's
something to complain to kernel developers.
- In general lack of understanding what systemd really does.
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org