On 2016-03-16 Ben Hutchings <b...@decadent.org.uk> wrote: > Control: severity -1 serious > Control: tag -1 moreinfo
> Upgrading severity. I consider this release-critical because a package > should never: > 1. Send spurious error messages from its cron job > 2. Recommend changing the configuration in a way that would undo a > security fix Hello, the situation is this: * Upstream made a change (cleaning the environment by default) that in their opinion could break existing systems. There is not a magic switch that can be thrown to fix this. The safe default value (empty environment) is exactly what causes the breakage. To point admininistrators of failing system in the right direction exim prints a warning when keep_environment is not set. * Afaik the Debian config works fine with empty environment which is why we have added an explicit 'keep_environment=" to prevent the runtime warning. * Otoh if you are running a custom configuration you will get the warning exactly as upstream has intended and you will need to decide whether you need to modify the environment. This also applies to configuration based on the Debian configuration. - You'll need to look at the configuration and decide whether modifying the runtime environment is necessary. (You'll get a dpkg confile prompt and need to merge the changes.) * In addition there is an entry in exim4-config.NEWS. I am basically out of bright ideas on how to improve things from here. The whole thing is trade-off, on one side now some people get a warning message without experincing real breakage, on the other side if I patched out the warning message some people would just see a broken e-mail service without the helpful hint. Being in doubt I trusted upstream's choice. See http://article.gmane.org/gmane.mail.exim.devel/9142 and following. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'