jgreco
Resident Grinch
- Joined
- May 29, 2011
- Messages
- 18,680
Indeed, but can the devs do anything about that?
I'm all for the user bearing the consequences of his error, but I also think that if the devs can make a change that (1) prevents or mitigates that error, and (2) does not break the rest of the system, that should be considered. A couple of candidate changes might be (a) remove the pkg binary from the base install, or (b) do 'pkg lock' on the base system packages. I don't know enough about the FreeBSD package system to know the ramifications of (b)--it seems it would prevent inadvertent removal, but I don't know what else (if anything) it might break. I'd guess that (a) is probably too drastic of a change.
@neatfreak made a mistake, and fortunately for him, there's a fairly straightforward path to fix it. But if the system can do something to keep future users from making that mistake, shouldn't that be considered?
I think I'd be resistant to losing the package manager. As an appliance in a business environment, FreeNAS isn't going to be getting constantly updated. For example, downing a filer that's serving VM's means that all the VM's either need to be shut down or migrated off first. So when you have something like the next inevitable OpenSSL catastrophe, and you really want to address that one single vuln, having the package manager there means you could address that one issue, just by updating the package, without being forced into a massive operation that involves a jarring firmware upgrade and also a reboot.
As for locking, as I mentioned before, that's one highly specific fix to address one very narrow error a user could make, and it probably makes it a lot more complicated to do upgrades, etc., since the current paradigm for upgrades involves taking a snapshot and then upgrading things in place. I agree it could be done, but it seems like a lot of work to prevent a narrow user-error case.