著者: Hendrik Boom 日付: To: dng 題目: Re: [Dng] configuration management
On Fri, Dec 26, 2014 at 12:11:27PM +1000, Alex 'AdUser' Z wrote: > 'ucf' package already does the 'automerge or ask-user-on-fail' task.
> The only thing you should do - mark file as config during packaging.
>
> Whole /etc tree in vcs is overkill (this is based on my own experiments
> with svn, bare git and etckeeper).
>
> First trouble you will face on this way - no one popular vcs doesn't
> handle precisely owner/group and permissions, except 'x' flag. (at least
> private ssh/ssl keys, and shadow file needs to be handled with care).
So the one used for /etc will have to be modified to handle
permissions.
> Second thing - vcs can expose your sensitive data with commit history.
> Rewriting history to exclude such data if already commited - is bad idea.
Of course your local branch will have to be handled with as much
security as the information in it. I suggest it be readable and
writable by root only.
And, no, the idea isn't to share it with the rest or the world.
The idea is for the so-called vendor branch to be shared, in this case
by devuan.