
Bug#780797: openssh-server: modifies the user configuration



On 2015-03-21 07:12:08 +0100, Christoph Anton Mitterer wrote:
> On Sat, 2015-03-21 at 00:51 -0400, Chris Knadle wrote: 
> >     § 10.7.3  Behavior
> >     Configuration file handling must conform to the following behavior:
> >     • local changes must be preserved during a package upgrade
> Well, strictly speaking, if the user had left that option at its Debian
> default, then there wasn't a local change.

The configuration consists of a full file, and the choice for some
option may depend on others. For instance, the admin could have
chosen to enable empty passwords because port 22 is filtered from
the Internet, but if there were an automatic change of the port
(which hasn't been modified), there would be a serious problem.
So, as soon as the file is modified, it must be considered that
the configuration has been chosen by the admin and mustn't be
modified automatically. This is at least how debconf behaves.

Otherwise there would be no way to ensure that Debian would not
do any automatic change, ***without confirmation***.

> > The *particular changes made* aren't the issue at all: the issue is
> > the "slippery slope" problem, and that's why I think the Policy is
> > written exactly how it is.  If it's okay to modify a user's changes
> > here, then it's okay to do it elsewhere.
> Unfortunately I wouldn't interpret the policy as preventing that
> particular case (or maybe I still don't get some detail here).
> 
> Actually most of our config file handling systems have this problem:
> - I get some default config
> - I check each and every option of it, whether it fits my needs
>   perfectly.
> - If it already does per default and doesn't make any commentary
>   changes, a future package upgrade could just change what I
>   deliberately decided to want.

And to avoid this problem, that's why a local change should be
regarded as affecting the whole file (comments included, because
it can be a way to instruct that the default is fine and must not
be modified automatically).

If some Debian maintainer wants to suggest a change on a modified
file, he must ask for confirmation.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
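
The rule argued for in this message, sketched as an added example (not part of the original message and not openssh-server's maintainer script): a file is rewritten automatically only when it is byte-identical to a version the package shipped, and any edit, comments included, leaves it untouched. The function names, the `.proposed` suffix and the sample `sshd_config` contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not openssh-server's maintainer script. Assumption: the
# package records the md5sum of every pristine file version it ever shipped.

# file_md5 FILE: print the md5sum of FILE.
file_md5() { md5sum < "$1" | cut -d' ' -f1; }

# is_pristine FILE SUMS: succeed only if FILE is byte-identical to a shipped
# version, i.e. its hash is listed (one per line) in SUMS.
is_pristine() {
    [ -f "$1" ] && [ -f "$2" ] || return 1
    grep -qxF "$(file_md5 "$1")" "$2"
}

# update_config FILE NEW SUMS: print "unchanged", "replaced" or
# "needs-confirmation". A locally modified FILE is never written to.
update_config() {
    if cmp -s "$1" "$2"; then
        echo unchanged
    elif is_pristine "$1" "$3"; then
        cp "$2" "$1" && echo replaced
    else
        # Any local edit, even a comment, marks the whole file as the
        # admin's choice: park the new version beside it and ask.
        cp "$2" "$1.proposed" && echo needs-confirmation  # hypothetical suffix
    fi
}

# Demo on constructed files in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf 'Port 22\nPermitEmptyPasswords no\n' > "$d/old"    # shipped default
    printf 'Port 2222\nPermitEmptyPasswords no\n' > "$d/new"  # constructed new default
    file_md5 "$d/old" > "$d/sums"
    cp "$d/old" "$d/untouched"
    # Admin relies on port 22 being filtered; the Port line itself is untouched.
    printf 'Port 22\nPermitEmptyPasswords yes\n' > "$d/edited"
    echo "untouched: $(update_config "$d/untouched" "$d/new" "$d/sums")"
    echo "edited:    $(update_config "$d/edited" "$d/new" "$d/sums")"
    rm -rf "$d"
}
demo
```

A per-option merge would have changed `Port` in the edited file because that line still matches the default; the whole-file check is what keeps the admin's combination of settings intact.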

