wireguard dkms systemd

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Nov 4 04:24:56 CET 2018


On Fri 2018-11-02 18:27:55 -0500, Reuben Martin wrote:
> All this discussion about service management kinda misses the
> point. You're swapping out a kernel module. There will always be
> risk. Changing service management procedures won't mitigate that. If
> you do not have a means to connect outside of the VPN connection, and
> the module (or service) fail, you're SOL.

I think you're saying that such a migration is complicated,
idiosyncratic, and might fail -- so we should automate it and let the
admin pick up the pieces if it breaks.

I think i agree that it's complicated, idiosyncratic, and might fail --
by my conclusion is that we *shouldn't* automate it on behalf of the
local admin, but rather let them plan their own migration.  *shrug*

Again, if you have a suggestion for how to reduce the risk, i'm all
ears, but i'm not about to encourage automated breakage in the package
management.

        --dkg


More information about the WireGuard mailing list