Bug#904558: marked as done (What should happen when maintscripts fail to restart a service)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Wed, 17 Apr 2019 21:41:45 +0200
with message-id <[🔎] 84d404a6642454b541550ec53c908e94@debian.org>
and subject line Re: Bug#904558: What should happen when maintscripts fail to restart  a service
has caused the Debian Bug report #904558,
regarding What should happen when maintscripts fail to restart a service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
904558: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904558
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: What should happen when maintscripts fail to restart a service
• From: Sean Whitton <spwhitton@spwhitton.name>
• Date: Wed, 25 Jul 2018 12:07:59 +0800
• Message-id: <877elkdkkg.fsf@silentflame.com>

Package: tech-ctte
X-debbugs-cc: debian-policy@lists.debian.org
Control: block 780403 by -1

I hereby request advice from the Technical Committee on a decision that
I must take in my role as a Debian Policy delegate.  To be completely
clear, I am not seeking a decision.  I refer to the third power of the
T.C. listed under section 6.1 of the Debian Constitution: "Any person or
body may ... seek advice from [the Technical Committee]."

In bugs #780403 and #802501 the following question has been asked (I
quote Daniel Pocock):

    If postinst or one of the other scripts does a service restart and
    the restart operation fails, should the postinst abort or should it
    mask the error, continue and return success?

At present the Policy Manual does not answer this question, and thus it
is left up to maintainer discretion: whatever the maintainer thinks
makes sense for the service in question.

Others have pointed out, however, that this means that users will see
inconsistent behaviour.  There is no practical way for a user to
determine what will happen when installing a given package that starts
or restarts a service, if that start or restart attempt fails.  So if it
were possible to come up with consistent answer to the question posed,
it would be useful to our users.

As a Policy delegate I want to move this issue along, and I can see
three ways of doing that:

1. write a patch to explicitly state in Policy that what happens when a
   service (re)start fails in a maintscript is left up to package
   maintainer discretion, and close the bugs

2. make a further attempt to establish consensus on a requirement that
   maintscripts are consistent in the case of a (re)start failure (this
   is the default option, so to speak, and I cannot see it succeeding)

3. ask the T.C. to decide what maintscripts should do in these cases.

The general question about which I am seeking advice: does the
T.C. think that Debian can be consistent on service (re)starts in
maintscripts, or is the best we can do to leave it up to package
maintainer discretion?

Thanks.

-- 
Sean Whitton

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

• To: Sean Whitton <spwhitton@spwhitton.name>, 904558-done@bugs.debian.org
• Cc: Debian Ctte <debian-ctte@lists.debian.org>
• Subject: Re: Bug#904558: What should happen when maintscripts fail to restart a service
• From: Margarita Manterola <marga@debian.org>
• Date: Wed, 17 Apr 2019 21:41:45 +0200
• Message-id: <[🔎] 84d404a6642454b541550ec53c908e94@debian.org>
• In-reply-to: <877elkdkkg.fsf@silentflame.com>
• References: <877elkdkkg.fsf@silentflame.com>

Apologies for the long delay.

We discussed this issue in several TC meetings without being able to make

real progress.

After several rounds of discussions we came to the conclusion that the

reason why we can't make progress is that we always end up hitting the wall of "The Technical Committee does not engage in design of new proposals and policies". While we recognize that this is a problem worth fixing, this is not something that we can fix as a body and need the help of the Developers

to do it.

On the one hand, maintainers want to be able to notify sysadmins when

things don't go as expected. On the other hand, sysadmins don't want their systems to be left in weird/broken states because one single thing didn't

go as expected.

A failing maintscript is a horrible way of notifying sysadmins, but it's
the only one available up to now and so package maintainers use it when
they think the failure is critical enough.

So, the TC declines to rule on what should maintscripts do when failing to

(re)start a service (or otherwise encountering a similarly serious
problem).

Instead, we recommend that a work group of developers is formed, to create a better mechanism of notification that can be used to let sysadmins know

when things don't go as expected on their systems, without leaving the

machines in weird/broken states. Given that this is a problem faced by many Linux distributions, it would be nice if this mechanism was developed and published in a non Debian specific way that made it also available for other

distributions to use.

Once that mechanism exists, we would strongly recommend that almost all
failures use this mechanism, instead of failing maintscripts.

--
Marga, on behalf of the Technical Committee

--- End Message ---