Re: Package modifying a user-modified config file? [Bug #780797]
On 03/21/2015 04:14 PM, Russ Allbery wrote:
> Chris Knadle <Chris.Knadle@coredump.us> writes:
>
>> At present the openssh-server and openssh-client packages are
>> altering /etc/ssh/ssh_config and /etc/ssh/sshd_config without
>> prompting the user beforehand, even when they've been locally
>> modified. I've pointed to section § 10.7.3 of Debian Policy:
>
>> • local changes must be preserved during a package upgrade
>
>> (Appendix E also discusses this which I saw later)
>
>> however the argument being made now is that "the particular section
>> of the config being altered wasn't changed by the user".
>
> Correct. The Policy statement is about preserving user changes, not about
> never touching any file that a user has modified in any way. The package
> is free to modify unchanged portions of the configuration file, and this
> has been routinely done during package updates in Debian for as long as
> I've been involved in the project.

:-( Okay. That I didn't know. There's an extent to which this is
understandable, and an extent to which it's a bit frightening because
it means I can't know what I'll be notified concerning changes to my
own config files and therefore how my system runs.

>> This is the current bug (severity serious):
>
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780797
>
> I think the maintainer should downgrade the severity of this bug, since I
> don't think it meets the definition of serious, but I'll leave that to
> Colin.
>
> Separately, I personally am not fond of this change and would rather that
> it only take effect on new installations, not existing installations. I
> find the security argument for this change to be rather dubious. But this
> is not a Policy violation; it's a judgement call by the maintainer whether
> the benefit of the change is worth the disruption of changed behavior on
> upgrades.

Yeah I wish this had been for new installations only rather than
changing the current configs without prompting, but as long as it's
not a policy violation this concern of mine is essentially moot.

Thank you very much for taking the time to answer this.

-- Chris
--
Chris Knadle
Chris.Knadle@coredump.us