Re: Debconf or not debconf

To: debian-devel@lists.debian.org
Subject: Re: Debconf or not debconf
From: Steve Langasek <vorlon@netexpress.net>
Date: Wed, 2 Jul 2003 18:07:53 -0500
Message-id: <[🔎] 20030702230751.GB15473@tennyson.netexpress.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20030702183453.7fb4752b.jpenny@universal-fasteners.com>
References: <[🔎] 200307011712.09325.speedblue@debian.org> <[🔎] 20030702014001.GB6719@quetzlcoatl.dodds.net> <[🔎] 20030702105029.6c494b6e.jpenny@universal-fasteners.com> <[🔎] 20030702205700.GG14635@tennyson.netexpress.net> <[🔎] 20030702183453.7fb4752b.jpenny@universal-fasteners.com>

On Wed, Jul 02, 2003 at 06:34:53PM -0400, Jim Penny wrote:

> > > It breaks 100% of stunnel installations.  The old stunnel was
> > > command line oriented, the current one is configuration file
> > > oriented.  It would be very difficult to write a converter.

> > > I am going to disagree with most responders here.  I think that in
> > > the case that if upgrading a package introduces substantial risk of
> > > breakage, a debconf message is quite appropriate. When a security
> > > related package has high risk of breakage, it is urgent. 

> > > Now, this breakage happens to be somewhat benign, in that without
> > > configuration, it does not function at all. But it is also somewhat 
> > > difficult to test for many uses.  Further,  when the unconfigured
> > > system fails to start, the failure is completely silent. This adds 
> > > to the problems.

> > My original argument stands:  we should not be telling our users that
> > we broke their system, because we shouldn't be breaking it in the
> > first place.  In this instance, it sounds to me like a bout of
> > upstream bogosity has resulted in a rather grave regression in the
> > quality of the software.  Why would it ever be a good idea to *not*
> > give users the ability to control the program using commandline
> > options?

> Because of security considerations.  The configuration file is read on
> startup, and then stunnel chroots away, so that it is no longer visible.
> The command line interface leaked information, internal IP
> structure, internal ports, etc. that a really paranoid person might
> prefer not be visible.

This is still a stupid reason to break support for the previous method
of configuration.  A really sane person has better things to worry about
than whether someone logged into his server can see where a given SSL
tunnel is forwarding to.  Things like, not having his system broken by
software upgrades.

> While it is indeed preferable to not break things, there are times when
> avoiding breakage is quite difficult.  This appears, to me, to be
> one of those times.

Not to me.

-- 
Steve Langasek
postmodern programmer

Attachment: pgpB8rq8h4Dz5.pgp
Description: PGP signature

Reply to:

References:
- Debconf or not debconf
  - From: Julien LEMOINE <speedblue@debian.org>
- Re: Debconf or not debconf
  - From: Steve Langasek <vorlon@netexpress.net>
- Re: Debconf or not debconf
  - From: Jim Penny <jpenny@universal-fasteners.com>
- Re: Debconf or not debconf
  - From: Steve Langasek <vorlon@netexpress.net>
- Re: Debconf or not debconf
  - From: Jim Penny <jpenny@universal-fasteners.com>

Prev by Date: Re: Gnome2 in sarge
Next by Date: Bug#199752: ITP: zebra-pj -- A possible successor to the orphaned Zebra OSPF/RIP/BGP routing suite
Previous by thread: Re: Debconf or not debconf
Next by thread: Re: Debconf or not debconf
Index(es):
- Date
- Thread