Package: sslh
Version: 1.20-1
Severity: minor
Dear Maintainer,
There might be room for improving the systemd service file you seem
to have provided since version 1.15-1 where changelog said:
+ debian/sslh.service, based on upstream scripts/systemd.sslh.service
It seems the upstream service file has evolved with security hardening[1]
features, which has not been put into the debian variant.
Please consider adding a patch in debian/patches that simply changes
the EnvironmentFile variable instead of duplicating the service file.
(You could either manually install upstreams file via debian/install
or you could also symlink debian/sslh.service to upstreams service file
to have debhelper install it for you.)
I also wonder if you can't drop the sslh.tmpfile and simply use
the 'RuntimeDirectory=sslh' directive in the service file to get the
/run/sslh directory created for you.
Regards,
Andreas Henriksson
[1]:
https://lintian.debian.org/tags/systemd-service-file-missing-hardening-features.html
