[OT] Debian mailinglists [was: RE: Debian or Ubuntu?]

Derek Broughton news at pointerstop.ca
Tue May 20 16:08:25 UTC 2008 

Les Mikesell wrote:

> Derek Broughton wrote:
> 
>> We trust Open Source
>> programmers even more because we can audit their code.  Anybody who
>> thinks it's safer to edit a config file by hand than with a GUI isn't on
>> my hiring list.
> 
> Safer isn't usually the point.  

I disagree - I think it's the whole point.

> If you have to edit a config file at all 
> it is usually because either the programmer got it wrong or you want to
> do something he didn't consider.  

Not at all - how do you deliver Postfix, or Apache, or even SSH fully
configured to do everything a particular installation will require?  They
always need an admin to set them up.

> If you insist on having program 
> verification of everything, you won't be able to fix the situation where
> the program is wrong and you won't be able to deal with any new
> situations the programmer didn't expect.  Also if the GUI editor is not
> actually part of the program in question there's a very good chance that
> it will be out of sync with the syntax is is supposed to help you with.

Still everybody is thinking in terms of particular deficient tools they've
seen.  Of _course_ the config tool needs to be part of the package
providing the application, and so must always be in sync.  Given that
assumption, it's really rather trivial to ensure that the tool is always
capable of modifying every possible configuration setting with every
possible value (though rather harder to ensure that it only permits certain
combinations).
> 
>>  There's a very good reason that /etc/sudoers contains this warning:
>> 
>> # This file MUST be edited with the 'visudo' command as root.
>> 
>> It's not a GUI (though actually, it could be) but it forces verification
>> of the file before actually replacing the old file
> 
> If it were a GUI - and actually required... you wouldn't be able to fix
> it easily remotely or with just a console login.

Please explain - I don't believe that.  GUI doesn't, for instance, exclude
curses-based interfaces.
> 
> There is a valid point that programs should provide a way to check the
> syntax of their own configs that is less drastic than restarting them
> and crashing, but the idea that something should keep you from making
> changes that no one thought about before is very un-unix-like.  If you
> can't break it, you probably also can't improve it.
>
I don't disagree with that, and know that absolutely preventing hand-editing
is _never_ going to happen.  But as someone who has brought down major
banking systems by making the wrong config change, I'm also very aware of
the need to make some applications bullet-proof.

If I was your boss, I'd need a written explanation of exactly why you had to
hand-edit a config file for a sensitive server before I'd permit it if
there was a tool available for it.
-- 
derek

More information about the ubuntu-users mailing list