Bug#36972: dpkg: dpkg can remoev vital files/symlinks without warning adminitrator
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>Steve ignored dpkg's prompts about /etc/listar/listar.cfg when he upgraded his
>listar package.
There was no warning that stated that there was a major change from
previous versions, that files/symlinks/directories vital to the operation of
the program were going to be removed. It was the standard "new
configuration" prompt which in nearly EVERY case can be safely ignored. In
fact, Listar is the first package in the year+ I've been using Debian which
broke so utterly.
>Furthermore, if the admin is prompted everytime a file moves, is renamed, or
>disappears, people will never be able to get their upgrades done.
Not every file, every time. Only a prompt that dpkg has detected
files/directories/symlinks that are no longer support and will remove them
*IF* the administrator agrees.
Why did I file this against dpkg and not the listar package? Because
Goerzen insists that dpkg is acting according to its design. That means any
package can remove vital symlinks/directories/files without prior warning to
the administrator.
Goerzen is only looking at the little picture. He is seeing that Listar
removed symlinks that are no longer needed on his system or in the deb.
However, as any person who works as an admin on a system knows, what is
packaged is not the whole picture.
My concern lays in what the administrator has built up around those
packages. Listar, in this case, broke with no warning. *NONE*. If I had
made any scripts for Listar based on the .119a package, they, too, would have
broken. Furthermore, my main concern is what happens when a maintainer and a
sysadmin have convergence on the naming of symlinks, files and/or
directories? The administrators pre-existing local configuration being
overwritten by a package's own symlinks/files/directories and later being
removed. In this case, dpkg assumes that it is the only thing using those
items when, in fact, it is not. Such a situation can and will lead to
systems breaking in the future without just cause or warning to the
administrators of said systems.
What the workaround for this situation is, I do not know. I am
suggesting a warning that files/directories/symlinks are going to be moved.
That may be too harsh. Maybe only when files/symlinks change, or just
symlinks since they are used mostly in a "glue" fashion and one really cannot
predict what the local administrator intends with them. Further, let me
stress that this prompting would only occur during an upgrade. Most upgrades
on most packages will not be moving the locations of
files/symlinks/directories.
>The assumption that the maintainer is not using the
>files/links/directories is correct if they are no longer present in
>the .deb. If they were present before, and no longer are, then
>obviously they are not to be used any longer and *should* be unlinked.
Finally, when is it ever a sane policy to say that when the *maintainer*
is done with the files/symlinks/directories that they local *administrators*
are done with those same files/symlinks/directories. I agree that they
should be removed *if* the local administrator agrees. At no time do I ever
forsee any packaging system being programmed so well, and a maintainer who
has never seen the machine these packages are running on, know better than
the local administrator what is and is not important to remove during a
cursory upgrade.
- --
Steve C. Lamb | I'm your priest, I'm your shrink, I'm your
ICQ: 5107343 | main connection to the switchboard of souls.
- -------------------------------+---------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.0 (C) 1997 Pretty Good Privacy, Inc
iQA/AwUBNy36Fnpf7K2LbpnFEQK45gCeI2deQNxgpNtnDuvM0d+FAKfjUxoAoOwI
FYBoA/YFThb2DxKkqmOyCMjt
=kTy+
-----END PGP SIGNATURE-----
Reply to: