[OT] Debian mailinglists [was: RE: Debian or Ubuntu?]

Derek Broughton news at pointerstop.ca
Tue May 20 19:22:56 UTC 2008

Les Mikesell wrote:

> Derek Broughton wrote:
>>>> We trust Open Source
>>>> programmers even more because we can audit their code.  Anybody who
>>>> thinks it's safer to edit a config file by hand than with a GUI isn't
>>>> on my hiring list.
>>> Safer isn't usually the point.
>> I disagree - I think it's the whole point.
> Doing something no one anticipated it often the point.  Or repeating it
> hundreds of times.  Neither works well in GUI's.

Why would "repeating hundreds of times" not work well in a GUI?  A properly
designed GUI would let you enter the change once, and apply many.
>>> If you have to edit a config file at all
>>> it is usually because either the programmer got it wrong or you want to
>>> do something he didn't consider.
>> Not at all - how do you deliver Postfix, or Apache, or even SSH fully
>> configured to do everything a particular installation will require?  They
>> always need an admin to set them up.
> There's a reason for that, which is that the programmer can't anticipate
> what you want and for the same reason can't check that it is correct.

But he _can_ check that it's correct.  For instance, to configure postfix as
a smarthost, it needs to know your ISP's SMTP server name, port, and
authorization information.  When you enter those into a config tool, it can
open a connection to the server and test it.  

>> Still everybody is thinking in terms of particular deficient tools
>> they've
>> seen.  Of _course_ the config tool needs to be part of the package
>> providing the application, and so must always be in sync.  Given that
>> assumption, it's really rather trivial to ensure that the tool is always
>> capable of modifying every possible configuration setting with every
>> possible value (though rather harder to ensure that it only permits
>> certain combinations).
> It's not trivial, and in the case of arbitrary settings isn't going to
> help you anyway.  If you have a small list of choices that just have to
> be spelled right, a wizard can help, but those aren't that hard to get
> right by yourself.

It _is_ trivial.  It's only the arbitrary parts that are at all complicated
(like the postfix ISP domain name), but they can be tested exactly the same
way the program would test them when functioning as a server.  When I run
postfix, it _will_ try to send mail through the smarthost, and _will_
generate errors if it can't connect.  If my server is written in python,
I'd even expect the entire testing suite to exist, so validating changes is
simply a matter of invoking the test.  

> Start by assuming the program is wrong and that's why you have to fix it
> and maybe you'll see the problem.

Which program?  The gui config tool?  Why would I assume _it's_ wrong any
more than I would assume somebody screwed up the config in an editor?

>> If I was your boss, I'd need a written explanation of exactly why you had
>> to hand-edit a config file for a sensitive server before I'd permit it if
>> there was a tool available for it.
> If it is a sensitive server, the changes should be under revision
> control which is trivial with things controlled by text files and
> arbitrary editors and generally impossible with wizardly things.  

Sorry, that's an insane statement.  If I am editing a config file with an
editor, it's up to me to make sure changes are checked into version
control.  If I'm editing it with a wizard, I'd absolutely build svn right
into the wizard.  It's not only not "generally impossible" it's a sight
simpler.  I've never suggested that we make the config files
non-human-readable, I just don't want them edited directly by people.

More information about the ubuntu-users mailing list