
Re: RFFE: portmap 5-11



On Thu, May 12, 2005 at 12:09:37PM -0400, Joey Hess wrote:
>Anibal Monsalve Salazar wrote:
>>The version of portmap in sarge is 5-9. Please consider portmap 5-11
>>for sarge.
>>
>>Version: 5-11
>>Closes: 305505 306929
>>Changes: 
>> portmap (5-11) unstable; urgency=high
>> .
>>   * Changed all references of '/etc/default/portmap' to '/etc/portmap.conf'
>>     in postinst, init.d, templates and po/*. Created postrm. Removed default.
>>     This fixes RC bug "Portmap modifies conffile from postinst", closes: #305505.
>
>Um, why not just replace the conffile with a non-conffile? I don't see
>the purpose of renaming it.
>
>Also, your handling of /etc/portmap.conf in the config and postinst
>scripts is really not up to spec on best practice for handling config
>files with debconf. Such a trivial file format can be fully parsed and
>handled as described in the debconf manual, allowing debconf to be aware
>of changes made manually. 

Joey, thanks for the comments. I'll implement your suggestions.
However, I would like to get -11 in sarge so it gets used by testers
of the woody-sarge transition.

>Also, unlike the comment in the file claims, manual modifications are
>lost as soon as the package is reconfigured (or upgraded, I think):

I'm afraid that is not the case.

>root@dragon:/home/joey>cat /etc/portmap.conf 
># Portmap configuration file
>#
># Note: if you manually edit this configuration file,
># portmap configuration scripts will avoid modifying it
># (for example, by running 'dpkg-reconfigure portmap').
>
># By default listen on all interfaces
>#
># If you want portmap to listen only on the loopback
># interface, uncomment the following line (it will be
># uncommented automatically if you configure this
># through debconf).
>OPTIONS="-i 127.0.0.1"
>root@dragon:/home/joey>dpkg-reconfigure portmap
>Stopping portmap daemon: portmap.
>Configuring portmap
>-------------------
>
>Portmap by default listens to all IP addresses. However, if you are not using 
>RPC services that connect to remote servers (like NFS or NIS) you can safely 
>bind it to the loopback IP address 127.0.0.1.
>
>This will allow RPC local services (like FAM) to work properly while preventing 
>remote systems from accessing your RPC services.
>
>You can change this configuration also by editing the OPTIONS line in the 
>/etc/portmap.conf file. If you just don't specify the -i option it will bind to 
>all interfaces.
>
>Should portmap be bound to the loopback address? no

Here you selected 'no'.

>Starting portmap daemon: portmap.
>Restoring old RPC service information...done.
>root@dragon:/home/joey>cat /etc/portmap.conf
># Portmap configuration file
>#
># Note: if you manually edit this configuration file,
># portmap configuration scripts will avoid modifying it
># (for example, by running 'dpkg-reconfigure portmap').
>
># By default listen on all interfaces
>#
># If you want portmap to listen only on the loopback
># interface, uncomment the following line (it will be
># uncommented automatically if you configure this
># through debconf).
>#OPTIONS="-i 127.0.0.1"

The above commented out line is the result of the 'no' selection.

>>   * Fixed "SIGCHLD handler doesn't preserve errno", closes: #306929.
>>     Patch by Alexander Achenbach <xela@slit.de>.
>
>Not important or RC is it?

It's an RC bug. It may result in termination of the server process.
According to the author of the bug report, it was reported on
freebsd-bugs back in 1998.

>>Version: 5-10
>>Closes: 286301 301130 301535
>>Changes: 
>> portmap (5-10) unstable; urgency=high
>> .
>>   * Re-added the debconf configuration, although the default for this is now
>>     to have portmap listening on all interfaces. The debconf setting
>>     allows system administrators, base-config and cdd developers to preseed
>>     this value to 'true' (link only to the loopback interface) if needed.
>>     Patch by Javier Fernández-Sanguino Peña <jfs@computer.org>.
>>     Closes: #301130, #286301.
>
>So you made a change in -10 that introduced a RC bug that was fixed
>in -11? And no changes in -10 were RC or even important. The point of
>freeze exceptions is not to allow continuing unstable development of
>packages in sarge so I don't see why this should be accepted. 

Javier pushed -10 as an important security improvement for desktop/laptop
systems and I agree with him on that regard. Running portmap listening
to the world on a desktop/laptop system is a considerable security
risk.

>-- 
>see shy jo

Kind Regards,

Anibal Monsalve Salazar
--
 .''`. Debian GNU/Linux
: :' : Free Operating System
`. `'  http://debian.org/
  `-   http://v7w.com/anibal
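
The config-file handling Joey asks for above (parse the existing file and seed the debconf question from it, then write only the setting back) can be shown concretely. The script below is an added example for this page, not portmap's maintainer scripts or anything posted in the thread. It assumes a file with a single OPTIONS="..." line as in the /etc/portmap.conf shown above, and a debconf question named portmap/loopback (an assumed name; substitute the package's real template). The demo runs on a constructed copy of the file, never on /etc/portmap.conf.

```shell
#!/bin/sh
# Added example: debconf-manual style handling of a hand-editable config file.
# Assumptions: OPTIONS="..." is the only setting, and the debconf question
# is portmap/loopback (assumed name). Nothing here touches /etc unless the
# config_step/postinst_step helpers are called from real maintainer scripts.

# Report "true" if the active OPTIONS line binds portmap to 127.0.0.1,
# "false" otherwise. A commented-out "#OPTIONS=" line counts as false.
# The last OPTIONS line wins, matching what sourcing the file would do.
conf_loopback_enabled() {
    conf="$1"
    [ -r "$conf" ] || { echo false; return 0; }
    opts=$(sed -n 's/^[[:space:]]*OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    case " $opts " in
        *" -i 127.0.0.1 "*) echo true ;;
        *) echo false ;;
    esac
}

# Write the answer back, changing only the OPTIONS line. Other flags the
# admin put in OPTIONS survive; comments and everything else are kept.
# $2 is "true" (bind to loopback) or "false" (listen on all interfaces).
conf_set_loopback() {
    conf="$1"; want="$2"
    [ -e "$conf" ] || : > "$conf"
    current=$(sed -n 's/^[[:space:]]*OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    # drop any existing "-i 127.0.0.1", normalise whitespace, re-add if wanted
    rest=$(printf '%s\n' "$current" | sed 's/-i 127\.0\.0\.1//g; s/^[[:space:]]*//; s/[[:space:]]*$//; s/[[:space:]][[:space:]]*/ /g')
    if [ "$want" = true ]; then
        new="OPTIONS=\"-i 127.0.0.1${rest:+ $rest}\""
    elif [ -n "$rest" ]; then
        new="OPTIONS=\"$rest\""
    else
        new='#OPTIONS="-i 127.0.0.1"'
    fi
    tmp=$(mktemp)
    awk -v new="$new" '
        /^[[:space:]]*#?[[:space:]]*OPTIONS=/ { if (!done) { print new; done = 1 }; next }
        { print }
        END { if (!done) print new }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Config-script side (assumed question name): seed debconf from the file
# so a manual edit is reflected in the default, then ask.
config_step() {
    . /usr/share/debconf/confmodule
    db_set portmap/loopback "$(conf_loopback_enabled /etc/portmap.conf)"
    db_input medium portmap/loopback || true   # 30 = question skipped
    db_go
}

# Postinst side: write the stored answer back to the file.
postinst_step() {
    . /usr/share/debconf/confmodule
    db_get portmap/loopback
    conf_set_loopback /etc/portmap.conf "$RET"
}

# Demo on a constructed copy of the thread's file (not /etc/portmap.conf).
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Portmap configuration file
#
# If you want portmap to listen only on the loopback
# interface, uncomment the following line.
#OPTIONS="-i 127.0.0.1"
EOF
    echo "parsed:      $(conf_loopback_enabled "$f")"
    conf_set_loopback "$f" true
    echo "after true:  $(conf_loopback_enabled "$f")"
    conf_set_loopback "$f" false
    echo "after false: $(conf_loopback_enabled "$f")"
    rm -f "$f"
}
demo
```

Because the config script calls db_set with the parsed value before db_input, a manual edit to OPTIONS is what the admin sees as the default on dpkg-reconfigure, instead of being silently overwritten by a stale debconf answer. After the daemon is restarted, confirm the effect with `netstat -ltn` or `ss -ltn`: the listener should appear on 127.0.0.1:111 rather than 0.0.0.0:111, and `rpcinfo -p <external-ip>` from another host should fail.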
