random suggestion: system_identification from CSI / Fedora Infrastructure

Simo Sorce simo at redhat.com
Fri Feb 21 16:27:08 UTC 2014


On Sat, 2014-02-08 at 04:23 -0500, Matthew Miller wrote:
> When you ssh into people.fedoraproject.org, you get some information
> including this bit:
> 
> Security Category: Low
> Primary Contact: Fedora Admins - admin at fedoraproject.org 
> Purpose: Provide hosting space for Fedora contributors and Fedora Planet
> 
> 
> This comes from
> http://infrastructure.fedoraproject.org/csi/security-policy/en-US/html-single/#HostGeneralSecurity-System-Identification
> 
> That's pretty neat. A lot of big organizations may have policies and a
> system like that, but it strikes me as something that would be neat to
> integrate into Fedora Server by default.

To be honest I think it is a terrible idea to drop this information into
an /etc file, because it would be a maintenance burden with the very
plausible outcome of being a source of confusion.

This kind of information is normally held into a centralized catalog for
obvious reasons, if you have that many systems that you need to write
this down, you have to many to consult them one by one anyway, you need
a central place where you can report on this stuff.

And you do not want to have to create services to synchronize this
information locally. It is just useless busy work. But once the file
exist you have to do it because otherwise people can get confused (or
worse, programs can misbehave) if the information in the local file is
wrong.

My 2c,
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



More information about the server mailing list