From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: Re: get_field_str() and interpret_field() bug with multi-word fields Date: Tue, 12 Aug 2008 17:24:08 -0400 Message-ID: <200808121724.09725.sgrubb@redhat.com> References: <0E43BF2D7491F0468B56B1A5C493866B020DD0F1@SAT4MX07.RACKSPACE.CORP> <200808121632.55341.sgrubb@redhat.com> <48A1FBFE.1000208@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <48A1FBFE.1000208@redhat.com> Content-Disposition: inline List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: John Dennis Cc: William Kelly , linux-audit@redhat.com, Bret Piatt List-Id: linux-audit@redhat.com On Tuesday 12 August 2008 17:09:18 John Dennis wrote: > The fact you can have any combination of kernel, user code, and > historical log files is precisely why this need to be fixed ASAP. Why? > Because there is no value in being backwards compatible with a data > stream you can't read when any of the three components (kernel, user > libraries, files) are permuted. John, you are very wrong here. We are about to role out remote logging for the audit system. Anyone who works on production systems knows that they stay deployed for many years because re-deploying takes manhours and is therefore a cost sink. The less you touch a system, the better off you are financially. So, in the future you will likely have a RHEL6 machine aggregating RHEL5 machines. They will not be happy if they find that they have to upgrade all the machines just to do reports. There's no way I'm going to tell people we are cutting you off, you have to upgrade. -Steve