On Monday 22 December 2008 09:13:05 am Alain PORTAL wrote: > > I think that fcron should be the default scheduler in fedora. > > fcron, with the service fcron_watch_config activated should now be > > 100% compatible with vixie-cron (cronie). The fcron_watch_config stuff > > is a bit convoluted (3 scripts and one C program...) but should work. > > > > The advantages over cronie are the following: > > * it also does what anacron does > > * it has more features > > * instead of waking up every minutes to look at config files, like > > cronie do, it uses inotify to watch the config. This should lead to > > less awaking and certainly be interesting for power saving in some > > situations There are some disadvantages, too. 1) it does not support polyinstantiation - needed for MLS 2) It also does not send audit events based on denying a cron job. 3) Its pam settings do not support the audit system out of the box. 4) Its default pam settings need alignment with vixie-cron in general. It would appear to not have had security reviews like vixie-cron has. In a few minutes I found what appears to be a potentially serious security problem. I've reported it upstream last week and no reply at all. I have not done a full code review like I would for our cert efforts, so there may be more problems waiting. > Do you intend to package fcron for EPEL? You have to be careful switching out core pieces of software that performs a security sensitive role. The lack of attacks on most of Fedora is due to years of review and feedback on code. -Steve -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
