Bug#226255: ssh: Please lower debconf priority for some questions

To: Christian Perrier <bubulle@debian.org>, 226255@bugs.debian.org
Cc: joeyh@debian.org
Subject: Bug#226255: ssh: Please lower debconf priority for some questions
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 7 Mar 2004 11:04:11 +0000
Message-id: <[🔎] 20040307110411.GB31435@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 226255@bugs.debian.org
In-reply-to: <20040105124920.57D88D05B@mykerinos.onera>
References: <20040105124920.57D88D05B@mykerinos.onera>

On Mon, Jan 05, 2004 at 01:49:20PM +0100, Christian Perrier wrote:
> Package: ssh
> Version: 1:3.6.1p2-10
> Severity: normal
> 
> The ssh package asks several question at priority "high" or higher.
> 
> Please consider lowring the priority of these questions.
> 
> Quoting debconf-devel(7):
> 
>               low Very trivial items that have defaults that will work in
> 	      the vast majority of cases; only control freaks see these.
> 		      
>               medium Normal items that have reasonable defaults.
> 				     
>               high   Items that don't have a reasonable default.
> 	       
> 	      critical Items that will probably break the system without
> 	      user intervention.
> 
> All questions asked by the sssh package should therefore be of "medium"
> priority as all have reasonable defaults.

The two remaining high-priority questions in 1:3.8p1-1 are:

Template: ssh/encrypted_host_key_but_no_keygen
Type: note
_Description: Warning: you must create a new host key
 There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH
 can not handle this host key file, and I can't find the ssh-keygen utility
 from the old (non-free) SSH installation.
 .
 You will need to generate a new host key.

Template: ssh/user_environment_tell
Type: note
_Description: Environment options on keys have been deprecated
 This version of OpenSSH disables the environment option for public keys by
 default, in order to avoid certain attacks (for example, LD_PRELOAD). If
 you are using this option in an authorized_keys file, beware that the keys
 in question will no longer work until the option is removed.
 .
 To re-enable this option, set "PermitUserEnvironment yes" in
 /etc/ssh/sshd_config after the upgrade is complete, taking note of the
 warning in the sshd_config(5) manual page.

The first of these requires administrator action to generate a new host
key, and the second requires administrator or user action to fix
authorized_keys files. In either case the system may become inaccessible
if the upgrade is being performed remotely and the warnings are not
heeded.

Is it really true that these shouldn't be priority high?

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

Follow-Ups:
- Bug#226255: ssh: Please lower debconf priority for some questions
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Bug#221531: ssh: uses high priority debconf warning
Next by Date: Bug#115182: marked as done (openssh: fix for #105854 should be reworked)
Previous by thread: Bug#221531: ssh: uses high priority debconf warning
Next by thread: Bug#226255: ssh: Please lower debconf priority for some questions
Index(es):
- Date
- Thread