removing untracked files created by previous version
[Please Cc: me on replies.]
Dear mentors,
I maintain the package micro-evtd. I am preparing an updated version
of my package to fix the serious bug #666218. My sponsor has asked me
to seek your feedback on a separate bug that I found in my packaging.
While running, micro-evtd periodically writes a status file containing
temperature and fan speed information. In the upstream code, this
file has a hard-coded location in /tmp. I have fixed bug #513353
(insecure /tmp file creation) in testing, but my fix is buggy in that
it results in the status file being created in the same directory
where the the daemon's event handler script resides; in Debian, this
is /usr/sbin.
To sum up: any system that has had version 3.4-1 of micro-evtd
installed is likely to contain a status file in /usr/sbin that dpkg
doesn't know about, and I'm not sure what the best way to resolve this
is.
The micro-evtd 3.4-2 package currently available on m.d.n, in its
postinst, unconditionally removes the generated file, if it finds it.
Before releasing this update I will ensure that the removal only
happens when upgrading from 3.4-1. Is this safe to do? Are there
other safety measures that I should consider, or is this something I
should just notify the administrator about and let them deal with?
Thanks,
Ryan
Reply to: