Re: setting sysctl net.ipv4.ping_group_range



On Mon, Jan 02, 2023 at 12:01:54PM -0800, Noah Meyerhans wrote:
> There are several examples of packages installing files to
> /usr/lib/sysctl.d, but I haven't found any specific guidance on policies
> about what's appropriate for them.  Since sysctl variables change the
> system behavior in a way that's not limited to the package changing the
> setting, and since the package in question (iputils-ping) is Priority:
> important and part of the default install, I won't want to make any
> changes without consulting here first.
[snip]
> After applying this change, I believe it'd be appropriate to drop ping's
> setcap/setuid settings from postinst altogether, though I'd be open to
> other options. [2]

I personally would prefer giving the administrator a way to change that.
Maybe add a low priority debconf question with a "ping is not setuid"
default, then mention that debconf setting in a comment in the file that
the package installs in the sysctl.d/ directory.

Other than that, I think making ping not setuid is a great idea.

G'luck,
Peter

-- 
Peter Pentchev  roam@ringlet.net roam@debian.org pp@storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
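
A host-side check for the change discussed in this thread, added here as an example and not taken from the thread or from the iputils-ping package: it reports whether a GID falls inside `net.ipv4.ping_group_range` and whether the installed `ping` is still setuid or carries file capabilities. The function names are hypothetical, and the script assumes a Linux `/proc` and, optionally, `getcap`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from iputils-ping.

# gid_in_ping_range "<low> <high>" <gid>
# True when <gid> lies in the inclusive range held in
# net.ipv4.ping_group_range. The kernel default "1 0" is an empty range:
# no group may open unprivileged ICMP echo (ping) sockets.
gid_in_ping_range() {
    low=${1%%[!0-9]*}     # digits before the first separator (space or tab)
    high=${1##*[!0-9]}    # digits after the last separator
    [ -n "$low" ] && [ -n "$high" ] || return 2
    [ "$low" -le "$2" ] && [ "$2" -le "$high" ]
}

# is_setuid <path>: true when the file has the set-user-ID bit.
is_setuid() { [ -u "$1" ]; }

# Print how ping obtains its privileges on this host for one GID
# (default: the caller's primary group). Always returns 0.
ping_audit() {
    gid=${1:-$(id -g)}
    range_file=/proc/sys/net/ipv4/ping_group_range
    ping_bin=$(command -v ping 2>/dev/null) || ping_bin=
    if [ -r "$range_file" ]; then
        range=$(cat "$range_file")
        if gid_in_ping_range "$range" "$gid"; then
            echo "gid $gid may open ICMP echo sockets (range: $range)"
        else
            echo "gid $gid is outside ping_group_range ($range)"
        fi
    else
        echo "ping_group_range is not available on this system"
    fi
    [ -n "$ping_bin" ] || { echo "ping not found in PATH"; return 0; }
    if is_setuid "$ping_bin"; then
        echo "$ping_bin is setuid"
    else
        echo "$ping_bin is not setuid"
    fi
    if command -v getcap >/dev/null 2>&1; then
        echo "file capabilities: $(getcap "$ping_bin" 2>/dev/null)"
    fi
    return 0
}

ping_audit "$@"
```

A `ping` that is neither setuid nor capability-tagged only works for users whose group is inside the range, which is the combination the thread proposes.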
