]] Jonas Smedegaard > > A problem with using policy-rc.d is you don't know whether a service > > is being started because it's the initial install or if it's because > > of an upgrade. I'll sometimes not want the service to start on > > initial installation (because chef is just about to plop its > > configuration into place), but if it's an upgrade, then please just > > restart the service. > > You could setup your local policy to check if the service exist in e.g. > /etc/local-ok-services/ and then when you've customized or > security-checked or whatever each service you do a > > touch /etc/local-ok-services/$service > > Or did I misunderstand?
You could do something like this, and it would handle most cases, but not all corner cases. However, it's a workaround for information that the system already has. The postinst already know whether it's an initial installation or not, invoke-rc.d and policy-rc.d should just be told so it can make a better decision. (An obvious problem with having a whitelist is then what happens when you purge a package? It won't magically be removed from the whitelist and so you end up in an unwanted situation.) > (We haven't spoken much in person, but I regard you as pretty clever so > am surprised that you describe this as a problem and I feel it so simple > to solve...) The 90% solution is easy, I don't think the 100% solution is that easy. I haven't investigated it deeply though. -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87zk8mm1ec....@xoog.err.no
