On Sun, Jan 22, 2017 at 01:50:29PM +0100, Ben wrote:
> what if then I decide to mv it to replace mine ?

That will probably cause ucf to fail; the temporary file is only meant as input to ucf. ucf then tends to leave .ucf-* files around if it had to do anything complicated.

> what was wrong with the previous scheme (write the packaged version of the
> file within the same directory) ?

No, the previous scheme was in fact to not keep sshd_config up to date at all, except for some manual adjustments made by ad-hoc perl scripts in the postinst. This had any number of things wrong with it.

> I'm not a security expert, if you say it's safe and there's nothing to
> worry about, that's fine with me.

It's safe and there's nothing to worry about. :-) In fact sshd_config is normally world-readable (and it is thus on all my systems); an installation with particularly complicated authorisation rules that they want to keep secret might want to restrict its permissions, but otherwise it isn't a problem.

Closing the bug with this message.

Thanks,

--
Colin Watson [[email protected]]

