[Yarnage]

>I'm forced to wonder from your comments throughout this thread whether you have much real-world development experience, versus having just ingested a bunch of theoretical information on best practices. The things you're dismissing out of hand happen all the time, and while sometimes they're useless, more often they're all the documentation you'll get, and you'll feel exceedingly lucky to get even them.

This is highly arrogant comment. There was no need to be rude. I've been developing and working with actual data for over a decade now. Yes, in the real world sometimes comments are transmitted over the line but I'm sure you can agree that isn't a good idea. Yes, many times you don't get good documentation but you make it sound like that's acceptable and anyone who thinks otherwise doesn't have real-world experience.

In all honestly I would expect comments generated from some odd software packages but it's been an incredibly long time since I've seen data transmissions that contain comments. In environments dealing with petabytes of data you can't afford to send comments with every single file.

As for Puppet, I think you misunderstand my point. Yes, it is a root-level tool. That doesn't mean any user should have the same permissions as Puppet. Why wouldn't you simply place configuration files people shouldn't modify in places where they don't have permission but Puppet does? Honestly, I thought that was standard practice.

[nknight]

You can claim all the experience you want, but your statements belie the truth. JSON is in no way limited to raw data interchange, and the files puppet manages cannot be put off to one side in some magical place where root cannot access them. System administrators will always have access to the files no matter where they are or what permissions you have set, and they need to know that the files are being automatically managed. The system also needs to know where to find the files, you can't start randomly moving /etc/fstab around, for example.

[Yarnage]

>You can claim all the experience you want, but your statements belie the truth. JSON is in no way limited to raw data interchange,

I never stated such a thing but that is what it's designed for and the primary use-case for JSON. I would imagine most other cases are edge-cases.

>and the files puppet manages cannot be put off to one side in some magical place where root cannot access them.

No one said to push them off to the "side" or into some "magical place". It's really simple: puppet has permissions to the files, your users do not.

A system administrator worth his salt isn't going to be messing with configuration files any which way and if said administrator has ROOT access then they should already know that's the level where puppet works and they could screw something up.

So I'm not really sure what your point was...