Bug#1099124: debian-policy: should 9.1.2 apply to /var/local too?

[Santiago Vila <sanvila@debian.org>]

El 28/2/25 a las 17:17, cacin@allfreemail.net escribió:
> Therefore, I would like to ask whether the policy should be revised to
> explicitly cover both /usr/local and /var/local, or if the omission of
> /var/local and its subdirectories from policy is intentional.

Hello. I was the one to word such section of Policy at the time,
and it was never intended to be applied to /var/local.

The file was called staff-group-for-usr-local, and that means
staff group (ok, and mode 2775 too) for /usr/local, nothing else.

So, I don't think repurposing the file for /var/local as well
would be a good idea.

The existence of a flag file for /usr/local was a requirement
of the Technical Committee, who said "ok to change the default
permissions, but only if you have a transition plan".

Such a transition plan was justified for /usr/local, because there
are other Debian packages creating subdirectories there, but IMO
not for /var/local, which I believe we could switch in a single
shot.

The reason I have not done that yet is that I am not sure about
the consequences.

I've just made an experiment right now: modified base-files
to ship /var/local as root:root and 755 (unconditionally), then installed it in a sid chroot.

The permissions of /var/local did not change on the upgrade,
which is probably the best possible outcome for this: Keep the old permissions if you upgraded from Debian 12 or earlier, but use
755 and root:root for new installs of Debian 13.

So here is a question for anybody familiar with dpkg
handling of directory permissions: Can I rely on dpkg
doing that? It's what I would like to happen.

Thanks.