log to stderr (so journal) by default #541
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
in Fedora package review it became apparent that logging to a
file is rather more complex in terms of packaging and system
security than it might appear. Logging to the journal is kinda
a good practice on systemd distros (i.e. all the ones we care
about) in any case, and we can easily default to it by leaving
the 'file' setting undefined by default. Admins who want to log
to a file still easily can by defining the 'file' setting, and
then the security issues are all theirs to deal with...
This isn't very sophisticated (the severity of the messages
isn't transmitted to journald, for instance) but works well
enough, seemingly.
This change will affect existing deployments which do not have
the
file
setting in the config file explicitly specified.This is a trivial change technically speaking, the question is more whether or not we think it's a good idea. I'm just throwing it out there for discussion. The Fedora package review ticket is https://bugzilla.redhat.com/show_bug.cgi?id=1304882 , for reference, the discussion of logging bits begins in earnest around comment 17 or so.
Just to be clear, logging to file is still perfectly possible with this change, it only changes the default behaviour when the
file
setting isn't explicitly specified inopenqa.ini
(or asOPENQA_LOGFILE
env var).