Thomas de Grenier de Latour wrote:
> I think that protection against harmful new config files should
> be selective to be useful. It should only affect directories
> from which files are blindly sourced by some services you are
> already running. There, and only there¹, new config files are
> an unexpected change of your existing configuration, and thus lead
> to unexpected behaviors.
> [...]
> The directories I'm thinking of are all these /etc/*.d/: "acpi.d",
> "logrotate.d", "pam.d", etc. There, adding a new file is really
> just like appending a new chunk to an existing config file.

Indeed. But not only those, also the cron.*ly directories. The specific example I was thinking of is slocate, that installs a script into /etc/cron.daily, which I don't want there.

> Implementation of a special anti-new-file-protection for these
> critical directories could be done in at least two ways:
> - a global NEW_CONFIG_PROTECT variable [...]
> - an ebuild-specific variable, [...]

Or via the config file of etc-update. Let the package manager always create ._cfg* files in the protected areas, and let the updater tool figure out from its configuration which files can be automerged and which to show diffs for.

Benno
--
gentoo-dev@gentoo.org mailing list
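A sketch of the selective rule discussed in this thread, added here as an example and not code from Portage, etc-update or either poster: new files are held back as `._cfgNNNN_<name>` only when they land in a blindly-sourced drop-in directory. `NEW_CONFIG_PROTECT` is the variable name floated above; its pattern list, the function names and the sample paths are assumptions, and every path passed in is assumed to already be under ordinary config protection.

```python
import fnmatch
import posixpath

# Hypothetical setting, named after the NEW_CONFIG_PROTECT idea in the thread.
NEW_CONFIG_PROTECT = ["/etc/*.d", "/etc/cron.*ly"]


def _parts(path):
    """Split a normalised POSIX path into its components."""
    return [p for p in posixpath.normpath(path).split("/") if p]


def in_dropin_dir(path, patterns=NEW_CONFIG_PROTECT):
    """True if path lies under a directory matching one of the patterns.

    Matching is done per path component, so '*' never crosses a '/'.
    """
    parent = _parts(path)[:-1]
    for pattern in patterns:
        want = _parts(pattern)
        if len(parent) >= len(want) and all(
            fnmatch.fnmatchcase(have, glob) for have, glob in zip(parent, want)
        ):
            return True
    return False


def staged_name(path, existing):
    """Next free ._cfgNNNN_<name> beside path (the ._cfg* files named above)."""
    directory, name = posixpath.split(posixpath.normpath(path))
    for n in range(10000):
        candidate = posixpath.join(directory, "._cfg%04d_%s" % (n, name))
        if candidate not in existing:
            return candidate
    raise RuntimeError("no free ._cfg slot for " + path)


def plan_install(path, existing, patterns=NEW_CONFIG_PROTECT):
    """Return where a package's file should be written.

    existing: set of paths already on disk (constructed input in this example).
    Existing files are staged as ordinary config protection would do;
    new files are staged only inside drop-in directories.
    """
    path = posixpath.normpath(path)
    if path in existing or in_dropin_dir(path, patterns):
        return staged_name(path, existing)
    return path
```

The updater tool would then decide, from its own configuration, which of the staged files to automerge and which to show to the administrator.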