On 12-06-02 at 12:52pm, Tollef Fog Heen wrote: > ]] Jonas Smedegaard > > > > A problem with using policy-rc.d is you don't know whether a > > > service is being started because it's the initial install or if > > > it's because of an upgrade. I'll sometimes not want the service > > > to start on initial installation (because chef is just about to > > > plop its configuration into place), but if it's an upgrade, then > > > please just restart the service. > > > > You could setup your local policy to check if the service exist in > > e.g. /etc/local-ok-services/ and then when you've customized or > > security-checked or whatever each service you do a > > > > touch /etc/local-ok-services/$service > > > > Or did I misunderstand? > > You could do something like this, and it would handle most cases, but > not all corner cases. However, it's a workaround for information that > the system already has. The postinst already know whether it's an > initial installation or not, invoke-rc.d and policy-rc.d should just > be told so it can make a better decision. > > (An obvious problem with having a whitelist is then what happens when > you purge a package? It won't magically be removed from the whitelist > and so you end up in an unwanted situation.) > > > (We haven't spoken much in person, but I regard you as pretty clever > > so am surprised that you describe this as a problem and I feel it so > > simple to solve...) > > The 90% solution is easy, I don't think the 100% solution is that > easy. I haven't investigated it deeply though.
Makes sense. Thanks - my confidence in you is now restored :-D - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: Digital signature
