On Tuesday 27 December 2011 00:22:40 wrote:
On 26/12/11 18:15, Anders Johansson wrote:
Besides which, the whole notion of tamper proof logs is silly from the start - there is just no such thing. If I achieve root on a system, I have access to every single key used to cryptographically sign anything (no, there can't be passwords for autonomous daemons, at best the password has to be typed in on boot, but after that the key will be available in RAM for root to read).
And with the keys, I can generate any log you care to examine, and you won't be able to tell the difference.
There is no PK in journald, the tamper resistant part is inspired in something very similar to git.
Sure, you can get around it, by limiting what root can do, or logging to another system, or to hardware unchangeable output such as a printer, but then you can do that with any logging system.
Besides besides which, a new kind of logging system is hardly a valid argument in favour of ripping out the entire core infrastructure of the system.
And what would be ripped exaclty ? you can still use syslog...
I still propose that we drop systemd completely
That's sums up all arguments I have heard agaisnt systemd "I do not like it", "it much work", etc..googling sadly reveals zero reasonable technical arguments against it, all you see falls into the following categories (and I googled a lot. before jumping into this ship)
- Appeals to tradition --> we do things this way and works.
- ad hominems --> Lennart is an ass, blabla..
- ad portability --> it is not portable therefore sucks, that the most utter bullshit frecuently heard from the BSD crowd.
Portability in reality means "A whole bunch of code and ugly hacks to make it work in your obscure system" (just take a look at openssl in example)
- People that claim cgroups are ugly/broken, wrong choir !! that's something to complain to kernel developers.
- In general lack of understanding what systemd really does.
Cristian , You need to go away and read and listen to yourself sometime seriously , So far up the butt end of this darn unwanted systend thing it is untrue ,, Me i dont really care as long as it WORKS and systend clearly is fatally flawed from the gorund up so it does not fit the bill of working and from what i can see NEVER WILL for the simple reason you would need to rewrite almost ever Linux program that uses the old solid working init system to fit with the NEW BROKEN systend Alpha quality stuff YMMV mine is not movable Pete . -- Powered by openSUSE 11.3 (x86_64) Kernel: 2.6.34.10-0.4-desktop KDE Development Platform: 4.6.5 (4.6.5) "release 7" 07:43 up 1 day 7:26, 4 users, load average: 0.15, 0.10, 0.09 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org