[OT] Debian mailinglists [was: RE: Debian or Ubuntu?]

[Les Mikesell]

Derek Broughton wrote:
> 
>>> We trust Open Source
>>> programmers even more because we can audit their code.  Anybody who
>>> thinks it's safer to edit a config file by hand than with a GUI isn't on
>>> my hiring list.
>> Safer isn't usually the point.  
> 
> I disagree - I think it's the whole point.

Doing something no one anticipated it often the point.  Or repeating it 
hundreds of times.  Neither works well in GUI's.

>> If you have to edit a config file at all 
>> it is usually because either the programmer got it wrong or you want to
>> do something he didn't consider.  
> 
> Not at all - how do you deliver Postfix, or Apache, or even SSH fully
> configured to do everything a particular installation will require?  They
> always need an admin to set them up.

There's a reason for that, which is that the programmer can't anticipate 
what you want and for the same reason can't check that it is correct.

>> If you insist on having program 
>> verification of everything, you won't be able to fix the situation where
>> the program is wrong and you won't be able to deal with any new
>> situations the programmer didn't expect.  Also if the GUI editor is not
>> actually part of the program in question there's a very good chance that
>> it will be out of sync with the syntax is is supposed to help you with.
> 
> Still everybody is thinking in terms of particular deficient tools they've
> seen.  Of _course_ the config tool needs to be part of the package
> providing the application, and so must always be in sync.  Given that
> assumption, it's really rather trivial to ensure that the tool is always
> capable of modifying every possible configuration setting with every
> possible value (though rather harder to ensure that it only permits certain
> combinations).

It's not trivial, and in the case of arbitrary settings isn't going to 
help you anyway.  If you have a small list of choices that just have to 
be spelled right, a wizard can help, but those aren't that hard to get 
right by yourself.

>>>  There's a very good reason that /etc/sudoers contains this warning:
>>>
>>> # This file MUST be edited with the 'visudo' command as root.
>>>
>>> It's not a GUI (though actually, it could be) but it forces verification
>>> of the file before actually replacing the old file
>> If it were a GUI - and actually required... you wouldn't be able to fix
>> it easily remotely or with just a console login.
> 
> Please explain - I don't believe that.  GUI doesn't, for instance, exclude
> curses-based interfaces.

Start by assuming the program is wrong and that's why you have to fix it 
and maybe you'll see the problem.

>> There is a valid point that programs should provide a way to check the
>> syntax of their own configs that is less drastic than restarting them
>> and crashing, but the idea that something should keep you from making
>> changes that no one thought about before is very un-unix-like.  If you
>> can't break it, you probably also can't improve it.
>>
> I don't disagree with that, and know that absolutely preventing hand-editing
> is _never_ going to happen.  But as someone who has brought down major
> banking systems by making the wrong config change, I'm also very aware of
> the need to make some applications bullet-proof.

Did you do a diff against a known good copy to check your changes before 
activating them?

> If I was your boss, I'd need a written explanation of exactly why you had to
> hand-edit a config file for a sensitive server before I'd permit it if
> there was a tool available for it.

If it is a sensitive server, the changes should be under revision 
control which is trivial with things controlled by text files and 
arbitrary editors and generally impossible with wizardly things.  And if 
there is a tool that knows what the change should be, let it make the 
change itself instead of wasting a person's time.

-- 
   Les Mikesell
    lesmikesell at gmail.com