Package: gitlab-shell
Version: 2.6.10-1
Severity: serious

The file /usr/share/gitlab-shell/config.yml is clearly a configuration
file and is modified during the package installation.  It also seems
to be modified during package upgrading, which is another serious bug.

In addition, a log file /usr/share/gitlab-shell/gitlab-shell.log is
created, as is a symlink /usr/share/gitlab-shell/.gitlab_shell_secret.

This is all in contravention of the Debian Policy.

Suggested fixes:

The config.yml file should be stored in the package as a symlink to
/etc/gitlab-shell/config.yml or something similar.  During the first
package installation, this should be set up as needed (including the
hostname), and during upgrades should be left alone.

The log file should not be stored in /usr/share but rather in
/var/log/gitlab.

The symlink should be in the package, and then the /var/lib/... file
set up as needed during the package configuration or running or
whatever is appropriate.

Best wishes,

   Julian

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gitlab-shell depends on:
ii  ruby                        1:2.3.0+1
ii  ruby2.1 [ruby-interpreter]  2.1.5-4
ii  ruby2.2 [ruby-interpreter]  2.2.4-1
ii  ruby2.3 [ruby-interpreter]  2.3.0-5

gitlab-shell recommends no packages.

gitlab-shell suggests no packages.

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/share/gitlab-shell/config.yml (from gitlab-shell 
package)
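
The config.yml and log file fixes suggested in the report, sketched as a postinst-style shell helper (an added example, not code from the gitlab-shell package or from the reporter). The function names, the staging-root argument and the sample config contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. configure_gitlab_shell and usr_share_is_static are
# hypothetical helpers; ROOT is a staging directory so the logic can be
# exercised without touching the real filesystem.

# configure_gitlab_shell ROOT HOSTNAME
configure_gitlab_shell() {
    root=$1
    host=$2
    conf="$root/etc/gitlab-shell/config.yml"

    mkdir -p "$root/etc/gitlab-shell" "$root/var/log/gitlab" \
             "$root/usr/share/gitlab-shell"

    # First installation only: write the site-specific config under /etc.
    # If the file already exists (upgrade, or admin edits), leave it alone.
    if [ ! -e "$conf" ]; then
        (
            umask 022
            # Constructed sample contents, not the package's real template.
            {
                printf 'gitlab_url: "http://%s/"\n' "$host"
                printf 'log_file: "/var/log/gitlab/gitlab-shell.log"\n'
            } > "$conf"
        )
    fi

    # In a real package this symlink is shipped in the .deb, so /usr/share
    # stays static and debsums has nothing mutable to flag. It is created
    # here only to keep the example self-contained.
    ln -sf /etc/gitlab-shell/config.yml \
        "$root/usr/share/gitlab-shell/config.yml"
}

# usr_share_is_static ROOT: succeed only if /usr/share/gitlab-shell holds
# config.yml as a symlink and no log file (two of the problems reported).
usr_share_is_static() {
    dir="$1/usr/share/gitlab-shell"
    [ -L "$dir/config.yml" ] && [ ! -e "$dir/gitlab-shell.log" ]
}

# Demo in a throwaway directory: install, then "upgrade" with another host.
demo=$(mktemp -d)
configure_gitlab_shell "$demo" git.example.org
configure_gitlab_shell "$demo" other.example.org
cat "$demo/etc/gitlab-shell/config.yml"   # still names git.example.org
rm -rf "$demo"
```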
