anonym wrote (23 Mar 2016 12:32:15 GMT) : > * The scripts configuration bits should be idempotent and always ensure > that the full expected configuration is in place: this simplifies things > a lot and generally results in more robustness by making sure we don't > end up in "half-configured" broken states that we cannot automatically > recover from, and by making many assumptions explicit and handled.
Just in case those who will make it happen are excited about it: a tool Ansible or Puppet would help providing the idempotent property. > * It's pretty nice to use Debian's default configuration as templates > since they generally set sane and secure settings by default, and are > maintained. Since this implies that we have to patch an existing > configuration, I expect us to end up using ugly regex-based solutions, > but I think it provides so many advantages that it is worth it. > Otherwise we could provide our own template configurations and use ERB, > but then we need to maintain these ourselves (e.g. sync with Debian's > configurations regularly) and I expect it will make user modifications > to configurations much harder to support. Thankfully this is not a new problem, and there are existing solutions around for many file formats, that avoid having to write the Nth half-working parser for them; e.g. Augeas is pretty good. Config::Model might be worth looking at as well, but I have no experience with it personally (IIRC bertagaz looked into it years ago though). Cheers! -- intrigeri _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.