Your message dated Fri, 16 Oct 2009 11:25:09 +0200
with message-id <20091016092509.ga4...@rivendell>
and subject line Re: Bug#538979: sql-ledger: please install debconf dialog to
warn users of possible security implications
has caused the Debian Bug report #538979,
regarding sql-ledger: please install debconf dialog to warn users of possible
security implications
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
538979: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538979
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sql-ledger
Severity: normal
Hi Raphael,
so here's the report.... As said I think it makes sense to prompt a debconf
dialog on
installation which warns the user of the possible security implications of this
package
as most of the users will probably miss README.Debian. I for myself often just
read that
in case I run into a problem. Also the statement that this should just be used
in trusted
environments isn't 100% appropriate, in case of XRSF issues unfortunately even a
trusted environment doesn't help.
I am filing this as grave as I think this is really important and this will
warn people with apt-listbugs installed in the meantime. Please downgrade if
you think
this is not appropriate.
Cheers
Nico
--- End Message ---
--- Begin Message ---
Hi,
On Tue, 28 Jul 2009, Nico Golde wrote:
> Hi Raphael,
> so here's the report.... As said I think it makes sense to prompt a
> debconf dialog on installation which warns the user of the possible
> security implications of this package as most of the users will probably
> miss README.Debian. I for myself often just read that in case I run into
> a problem. Also the statement that this should just be used in trusted
> environments isn't 100% appropriate, in case of XRSF issues
> unfortunately even a trusted environment doesn't help.
I thought a bit more about this and I think it's not appropriate.
Introducing a debconf note means dealing with its translations and
creating a workload that this package is not worth of.
Furthermore, someone that installs the package for the first time
should have read the description and the description warns already
about this problem. I have improved the description to point to the
README.Debian file.
We have warnings in description, README.Debian, NEWS.Debian, I think it's
enough. Thus closing the bug.
Cheers,
--
Raphaƫl Hertzog
--- End Message ---
