> Finally, the read only file systems on a writable medium susceptible > to all sorts of failure modes is a silly silly useless trick. This > does not provide any real technical benefit but your own discomfort. >
Pipe it down a bit will you. I use ro root, /dev in tmpfs and /usr ro as well as any partition where writes do not happen at any time. It is called defence in depth. Consider a potential bug in tar when run as root, damaged /usr or / is easily fixed with OpenBSD (one of it's ace cards) but I have been saved time by ro root before, though I forget the details and probably just a testing system. When considering doas, etc., I believe a ro mount to be far simpler than DACs even if they are well tested. It is also quite reassuring to see clean clean clean clean after a power failure. Of course a hard drive head could have crashed onto that area, but very unlikely and I'm not sure fsck would catch that anyway. UPS do fail too btw. I had to rip some cheap APC ones out because they caused more downtime than they saved! > > Except just this time now, when your self managing became a bug report, > which is not a bug, and you insisted on your way of having it reported. > > Now admit it, you support yourself when you make incompatible changes. Which is fair enough but has already been said. -- KISSIS - Keep It Simple So It's Securable
