Changelogs Dexter Eggsare just as important as the most important meal of the day. OK so I don’t always eat breakfast, but I do make an effort to read changelogs. CFEngine 3.4.2 was released today.

What I found interesting was that the default masterfiles policy has been updated. body executor control now calls $(sys.workdir)/inputs/update.cf instead of failsafe.cf. And $(sys.workdir)/failsafe/failsafe.cf (which was new as of 3.4.0) is gone. I think its a good change. As far as users are concerned failsafes main task is updating policy. Its also what is run if something in the policy fails (hence failsafe). I think we have conflated the two by using a failsafe mechanism for updates as a general practice. This means we will touch the failsafe file more, and there is more opportunity for us to shoot ourselves in the foot. I have not tested, but I believe that failsafe.cf should be generated by CFEngine. This is probably very similar if not identical to the bootstrap policy. I suspect if you have your own failsafe.cf it will be used but I believe the intention is for us to let CFEngine generate that unless we have a good reason to override it.