[Logcheck-devel] moving rules out of logcheck-database into the packages

Elmar Hoffmann debian-logcheck-devel-ml at elho.net
Sun Jul 9 17:27:43 UTC 2006


on Tue, Jul 04, 2006 at 17:36:40 +0200, martin f krafft wrote:

> > Some maintainers don't want to have to maintain logcheck rules.
> > Most  don't use logcheck. They forget to update the rules until
> > a bug is  filed, this is essentially the same situation as we have
> > now, except  that maintenance of logcheck rules is outsourced.
> Then we help these maintainers. [...]

Yes, at least for packages already under revision control, it should
be trivial to give the logcheck team commit access to the external
Though I do see a higher burden on the side of the logcheck
maintainers to do changes in dozens of different repositories instead
of just the logcheck one...

> If the goal is to support logcheck on loghosts (which sounds weird
> to me), then you should make it policy that *no* packages provide
> rule files.

It doesn't sound all that weird to me, and especially the nice macro
stuff you're working on will enable more people to do this with the
stock rulefiles (due to being able to cope with different line

While that policy suggestion sounds harsh at first, it actually
doesn't sound that bad after all. :)
Given any maintainer who wants to keep maintaining rulefiles for his
package (and doesn't prove himself incompetent at it ;P) would be
given access to do so, this wouldn't negatively effect anyone and
bring the benefits of enabling loghost usage and getting rid of the
old and unmaintained rules sitting in packages due to users submitting
them there at some point to everyone.

> Fundamentally agreed. I just very much dislike the current logcheck
> situation. I find a bug in /etc/logcheck/*/* and I can't just infer
> the name of the package from the file name; I look at rule files and
> notice that they're basically append-and-error-correct-only and
> hardly ever see lines removed because we have to support potentially
> 3-5 different versions from one package [...]

Having branches (assuming a SCM system suitable for that ;P) would be
a theoretical solution, but the non-Debian one would probably become
an unmaintained mess in practice... ;/

Another case just came to my mind; upstream shipping logcheck
rulefiles, but as I have not seen that happen yet, this might be
ignored for now. ;)

> Are there other voices?

Like in the older thread, I still tend towards having the rules in
logcheck-database. While my maintenance concerns from back then could
(ideally) be addressed by co-maintaining the external rules, the
loghost argument remains valid.



 .'"`.                                                            /"\
| :' :   Elmar Hoffmann <elho at elho.net>    ASCII Ribbon Campaign  \ /
`. `'    GPG key available via pgp.net        against HTML email   X
  `-                                                    & vCards  / \
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060709/059c2bbf/attachment.pgp 

More information about the Logcheck-devel mailing list