(CC: me on replies, I'm not in the list) Hi there, Yesterday I uploaded a new version of package for the Tiger security tool (3.2.2-6) which introduces fixes to bugs in Debian's (and upstream's) BTS that I believe might be proper to include in lenny for the benefit of Tiger users: - Uses UCF to handle configuration file changes. This was reported as a 'normal' severity bug (see #341595) but is actually 'serious' bug since the Tiger postinst was modifying a conffile (policy violation) and dpkg was always prompting users for configuration file changes on upgrades. - Updates filesystems recognised by Tiger, issues related to this problem have been considered 'Critical' in upstream's BTS [1] but only 'normal' in bugs submitted by Debian users [2]. When this bug strikes a user his mail is spammed with warning messages through email every time one of the scripts that analyses the filesystem was run. This happened (in the default package) configuration: - every 8 hours (check_known script) - every day at 5 am (check_perms script) - once a month (find_files) I think that Debian users did not properly setup the severity of these bugs. For example, any user running an encrypted filesystem would be affected.. I have adjusted the severity of some of these bugs, based on the number of users that could be affected (some of the bug reported are related to exotical filesystems and not that common) - Instead of using /var/run/tiger/work for workfiles, it uses /var/lib/tiger/work. This is FHS-compliant and it also fixes a bug reported as 'Critical' upstream [3] and as 'normal' in Debian [4] This package revision has also some cosmetic changes in order to reduce the sice of the diff.gz we distribute (we were shipping automatically-generated content), fixes to 'normal' severity bugs (Closes: #445531, #349391) and some other minor cleanups. I would like this version to be migrated to testing, if the release team approves it. Could that be possible? If not, should I do then a lenny-targeted upload fixing only some of the bugs? (In this case I guess I would upload fixes only for #341595, #486591, #483727 and #490822) Thanks Javier [1] https://savannah.nongnu.org/bugs/index.php?23503 https://savannah.nongnu.org/bugs/index.php?23043 https://savannah.nongnu.org/bugs/index.php?14299 https://savannah.nongnu.org/bugs/index.php?14028 [2] The following Debian bugs were related to this issue #498203, #483727, #469685, #490344, #490822, #451879 [3] https://savannah.nongnu.org/bugs/index.php?17513 [4] http://bugs.debian.org/486591
Attachment:
signature.asc
Description: Digital signature