Thorsten Kukuk schrieb:
On Tue, Feb 04, Ludwig Nussel wrote:
services: files usrfiles protocols: files usrfiles ethers: files usrfiles
That's a pretty nasty trap. How about making "files" just do the right thing itself?
That's only a trap for people who don't care about their configuration files after an update. And this people are always in big danger about insecure systems or broken services ...
I don't agree with that point of view and claim the opposite. Operating system features that rely on a human reviewing rpm{old,new} files are flawed. We must design the system in such a way that it does not require interaction. Especially in cases where the user only used "approved" methods to configure the system. Means that if eg yast did the change it is in our responsibility to not maneuver the system into a state that it cannot recover from itself. If the way nsswitch.conf works is incompatible with those requirements the concept has to be retired and replaced by something smarter. Looks like nsswitch.conf kind of states the obvious most of the time anyways. Maybe we don't need it at all? Even extra authentication methods could probably be determined automatically by looking at the system. Ie if sssd or ypbind are enabled it's not unlikely that those are meant to be used for authentication, right? cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer HRB 36809 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org