El 28/2/25 a las 17:17, [email protected] escribió:
Therefore, I would like to ask whether the policy should be revised to explicitly cover both /usr/local and /var/local, or if the omission of /var/local and its subdirectories from policy is intentional.
Hello. I was the one to word such section of Policy at the time, and it was never intended to be applied to /var/local. The file was called staff-group-for-usr-local, and that means staff group (ok, and mode 2775 too) for /usr/local, nothing else. So, I don't think repurposing the file for /var/local as well would be a good idea. The existence of a flag file for /usr/local was a requirement of the Technical Committee, who said "ok to change the default permissions, but only if you have a transition plan". Such a transition plan was justified for /usr/local, because there are other Debian packages creating subdirectories there, but IMO not for /var/local, which I believe we could switch in a single shot. The reason I have not done that yet is that I am not sure about the consequences. I've just made an experiment right now: modified base-files to ship /var/local as root:root and 755 (unconditionally), then installed it in a sid chroot. The permissions of /var/local did not change on the upgrade, which is probably the best possible outcome for this: Keep the old permissions if you upgraded from Debian 12 or earlier, but use 755 and root:root for new installs of Debian 13. So here is a question for anybody familiar with dpkg handling of directory permissions: Can I rely on dpkg doing that? It's what I would like to happen. Thanks.
