:: Re: [Dng] configuration management
Startseite
Nachricht löschen
Nachricht beantworten
Autor: Hendrik Boom
Datum:  
To: dng
Betreff: Re: [Dng] configuration management
On Fri, Dec 26, 2014 at 12:11:27PM +1000, Alex 'AdUser' Z wrote:
> 'ucf' package already does the 'automerge or ask-user-on-fail' task.
> The only thing you should do - mark file as config during packaging.
>
> Whole /etc tree in vcs is overkill (this is based on my own experiments
> with svn, bare git and etckeeper).
>
> First trouble you will face on this way - no one popular vcs doesn't
> handle precisely owner/group and permissions, except 'x' flag. (at least
> private ssh/ssl keys, and shadow file needs to be handled with care).


So the one used for /etc will have to be modified to handle
permissions.

> Second thing - vcs can expose your sensitive data with commit history.
> Rewriting history to exclude such data if already commited - is bad idea.


Of course your local branch will have to be handled with as much
security as the information in it. I suggest it be readable and
writable by root only.

And, no, the idea isn't to share it with the rest or the world.
The idea is for the so-called vendor branch to be shared, in this case
by devuan.

-- hendrik