Jim,
> Gary Winiger writes:
> > I'm sponsoring this fast track for myself and the Solaris Audit project
> > team. I've batched together a number of changes that could be handled
> > independently, but seemed to largely fit together. If members would
> > like them separated, I'll be happy to do so.
>
> I think this would have been better with more bundling (including the
> actual removal and transition plan), but I guess you can't please
> everyone.
I'm assuming you're not asking me to separate this into a number
of cases for the announcement, but are asking if the announcement
and removal could be bundled into the same case(s).
Sigh, except for renaming bsmrecord, they're not ready yet.
The project team is trying to get EOF announcement stuff done
early in the next Solaris update cycle.
The thrust of all the changes is to have all the auditd service
configuration reside in smf properties, to enable and disable
Audit via svcadm, to configure properties with svccfg or auditconfig,
with no more editing of /etc/security files.
Without knowing how upgrade from S10 to OpenSolaris is intended
to function, the project team is still working out details. It
would be a great help to the project team if the committee could
point the team to guidance for upgrade from S10 to OpenSolaris.
It's unclear to the project team where and whether Major or Minor
Release Binding rules are to be applied.
I don't believe this case is about creating that guidance.
> > This case also requests approval for the removal/replacement of
> > bsmrecord(1M)
> > in a Minor release. bsmrecord(1M) is to be replaced with auditrecord(1M).
> > This consists renaming of the existing bsmrecord source, binary and man page
> > and replacing docs references.
>
> Would anyone be using bsmrecord in a script? Reading through the man
> page, it seems like it was intended to be used as a CGI program. If
> so, would a link to the old name be appropriate so that existing
> consumers don't break on removal?
In the project team's experience bsmrecord is not widely used.
Its purpose is to document the contents of audit records so
docs.sun.com wouldn't require changing for every new event
added to the system. bsmrecord is usually used interactively
by the admin when analyzing the audit trail. Someone certainly
could have built a web tool that used it. Leaving a symlink
is certainly doable, but defeats the purpose of getting rid of
administrative interfaces with "bsm" in them. Again committee
guidance of Major/Minor Release Binding rules would be appreciated.
Gary..
