[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debconf or not debconf

On Wed, Jul 02, 2003 at 06:34:53PM -0400, Jim Penny wrote:

> > > It breaks 100% of stunnel installations.  The old stunnel was
> > > command line oriented, the current one is configuration file
> > > oriented.  It would be very difficult to write a converter.

> > > I am going to disagree with most responders here.  I think that in
> > > the case that if upgrading a package introduces substantial risk of
> > > breakage, a debconf message is quite appropriate. When a security
> > > related package has high risk of breakage, it is urgent. 

> > > Now, this breakage happens to be somewhat benign, in that without
> > > configuration, it does not function at all. But it is also somewhat 
> > > difficult to test for many uses.  Further,  when the unconfigured
> > > system fails to start, the failure is completely silent. This adds 
> > > to the problems.

> > My original argument stands:  we should not be telling our users that
> > we broke their system, because we shouldn't be breaking it in the
> > first place.  In this instance, it sounds to me like a bout of
> > upstream bogosity has resulted in a rather grave regression in the
> > quality of the software.  Why would it ever be a good idea to *not*
> > give users the ability to control the program using commandline
> > options?

> Because of security considerations.  The configuration file is read on
> startup, and then stunnel chroots away, so that it is no longer visible.
> The command line interface leaked information, internal IP
> structure, internal ports, etc. that a really paranoid person might
> prefer not be visible.

This is still a stupid reason to break support for the previous method
of configuration.  A really sane person has better things to worry about
than whether someone logged into his server can see where a given SSL
tunnel is forwarding to.  Things like, not having his system broken by
software upgrades.

> While it is indeed preferable to not break things, there are times when
> avoiding breakage is quite difficult.  This appears, to me, to be
> one of those times.

Not to me.

Steve Langasek
postmodern programmer

Attachment: pgpB8rq8h4Dz5.pgp
Description: PGP signature

Reply to: