----- Forwarded message from Andy Bennett <andyjpb@ashurst.eu.org> -----

Date: Sun, 08 Sep 2013 17:14:01 +0100
From: Andy Bennett <andyjpb@ashurst.eu.org>
To: Marc MERLIN <marc@merlins.org>
Cc: linux-elitists@zgp.org
Subject: [linux-elitists] Congruent Infrastructure (was: Re: Surveillance)
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12

Hi,
Which means I need to set up that build the source package and check that the binaries match thing. Anyone doing this already for your favorite distribution?
I did that at google for our distribution that runs in production, well more specifically we don't run upstream binaries at all. We've re-bootstrapped our own distribution, maintain and compile our own openssl, openssh and so forth.
We also have mostly binary invariant builds, and yes that was work, we had to patch stuff for sure. However, that process didn't tell us if the upstream binaries were the same because we modified most of our source to be leaner and compiled differently than upstream.
Home page: http://marc.merlins.org/
I notice you did this: http://marc.merlins.org/linux/talks/getupdates/

I'd be very interested in your views on things such as Puppet or Chef: I myself have been very skeptical of them. Some of the issues are outlined in this blog post (not by me): http://blog.thestateofme.com/2013/04/30/an-adventure-with-chef/

It seems that all the evangelists for such things have never heard of things like MIT Athena and http://www.infrastructures.org/ and don't seem to know much about the underlying theory. infrastructures.org describes a system similar to the one in your slides, albeit using slightly older technology.

I'd be interested in your thoughts on "congruent infrastructure management" especially around the issues of avoiding divergence, proving convergence and recovery from failure that doesn't involve wiping the machine.

Regards,
@ndy

--
andyjpb@ashurst.eu.org
http://www.ashurst.eu.org/
0x7EBA75FF

----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5