Bug#655983: cakephp-2.6.3 stable is now out
Hi, any update on this. It would be cool to have cakephp-2.6.3 in jessie I could offer some help if it is required. Thanks.
Re: Package modifying a user-modified config file? [Bug #780797]
* Chris Knadle chris.kna...@coredump.us, 2015-03-21, 15:22: At present the openssh-server and openssh-client packages are altering /etc/ssh/ssh_config and /etc/ssh/sshd_config without prompting the user beforehand, even when they've been locally modified. To clarify /etc/ssh/ssh_config is a conffile; so it's managed by dpkg, which DOES prompt when the file was locally-modified. The only trouble is /etc/ssh/sshd_config, which is not a conffile for whatever reason. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-qa-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150321201025.ga1...@jwilk.net
Re: Package modifying a user-modified config file? [Bug #780797]
On 03/21/2015 04:10 PM, Jakub Wilk wrote: * Chris Knadle chris.kna...@coredump.us, 2015-03-21, 15:22: At present the openssh-server and openssh-client packages are altering /etc/ssh/ssh_config and /etc/ssh/sshd_config without prompting the user beforehand, even when they've been locally modified. To clarify /etc/ssh/ssh_config is a conffile; so it's managed by dpkg, which DOES prompt when the file was locally-modified. In this case dpkg did /not/ prompt when ssh_config was modified; instead there was only a printed message about it being changed. Why I don't know; I've been looking at the source file to try to figure it out. The only trouble is /etc/ssh/sshd_config, which is not a conffile for whatever reason. Ugh. Any file in /etc should be a conffile by Policy AFAICT so if this is so I should probably file a bug about it. Thanks much -- Chris -- Chris Knadle chris.kna...@coredump.us -- To UNSUBSCRIBE, email to debian-qa-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550dd644.9050...@coredump.us
Re: Package modifying a user-modified config file? [Bug #780797]
On 03/21/2015 04:53 PM, James McCoy wrote: On Sat, Mar 21, 2015 at 04:36:20PM -0400, Chris Knadle wrote: On 03/21/2015 04:10 PM, Jakub Wilk wrote: The only trouble is /etc/ssh/sshd_config, which is not a conffile for whatever reason. Ugh. Any file in /etc should be a conffile by Policy AFAICT so if this is so I should probably file a bug about it. No, there are both configuration files and conffiles according to policy (c.f. §10.7.1). The latter are what dpkg will prompt about when there are user modifications and the package is shipping a changed conffile. Ah, okay. I wasn't entirely clear on that subtlety. Note that there is only a prompt when the user has modified it. Ah, right... I likely hadn't modified ssh_config on this system, so that would explain the lack of prompt. Thank you for pointing out both of these details. -- Chris -- Chris Knadle chris.kna...@coredump.us -- To UNSUBSCRIBE, email to debian-qa-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550ddc2e.7050...@coredump.us
Package modifying a user-modified config file? [Bug #780797]
At present the openssh-server and openssh-client packages are altering /etc/ssh/ssh_config and /etc/ssh/sshd_config without prompting the user beforehand, even when they've been locally modified. I've pointed section § 10.7.3 of Debian Policy: • local changes must be preserved during a package upgrade (Appendix E also discusses this which I saw later) however the argument being made now is that the particular section of the config being altered wasn't changed by the user. I have a problem with this argument because if a config file is changed on the user without prompting even after modification, that means that the user has lost control over their own config files unless they've altered /every/ setting... and there are yes/no settings in those files. This is the current bug (severity serious): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780797 and the changes made were requested in a wishlist bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765633 -- Chris -- Chris Knadle chris.kna...@coredump.us -- To UNSUBSCRIBE, email to debian-qa-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550dc4dc.1080...@coredump.us
Re: Package modifying a user-modified config file? [Bug #780797]
Chris Knadle chris.kna...@coredump.us writes: At present the openssh-server and openssh-client packages are altering /etc/ssh/ssh_config and /etc/ssh/sshd_config without prompting the user beforehand, even when they've been locally modified. I've pointed section § 10.7.3 of Debian Policy: • local changes must be preserved during a package upgrade (Appendix E also discusses this which I saw later) however the argument being made now is that the particular section of the config being altered wasn't changed by the user. Correct. The Policy statement is about preserving user changes, not about never touching any file that a user has modified in any way. The package is free to modify unchanged portions of the configuration file, and this has been routinely done during package updates in Debian for as long as I've been involved in the project. This is the current bug (severity serious): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780797 I think the maintainer should downgrade the severity of this bug, since I don't think it meets the definition of serious, but I'll leave that to Colin. Separately, I personally am not fond of this change and would rather that it only take effect on new installations, not existing installations. I find the security argument for this change to be rather dubious. But this is not a Policy violation; it's a judgement call by the maintainer whether the benefit of the change is worth the disruption of changed behavior on upgrades. -- Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to debian-qa-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87egoif6r3@hope.eyrie.org
Re: Package modifying a user-modified config file? [Bug #780797]
On 03/21/2015 04:14 PM, Russ Allbery wrote: Chris Knadle chris.kna...@coredump.us writes: At present the openssh-server and openssh-client packages are altering /etc/ssh/ssh_config and /etc/ssh/sshd_config without prompting the user beforehand, even when they've been locally modified. I've pointed section § 10.7.3 of Debian Policy: • local changes must be preserved during a package upgrade (Appendix E also discusses this which I saw later) however the argument being made now is that the particular section of the config being altered wasn't changed by the user. Correct. The Policy statement is about preserving user changes, not about never touching any file that a user has modified in any way. The package is free to modify unchanged portions of the configuration file, and this has been routinely done during package updates in Debian for as long as I've been involved in the project. :-( Okay. That I didn't know. There's an extent to which this is understandable, and an extent to which it's a bit frightening because it means I can't know what I'll be notified concerning changes to my own config files and therefore how my system runs. This is the current bug (severity serious): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780797 I think the maintainer should downgrade the severity of this bug, since I don't think it meets the definition of serious, but I'll leave that to Colin. Separately, I personally am not fond of this change and would rather that it only take effect on new installations, not existing installations. I find the security argument for this change to be rather dubious. But this is not a Policy violation; it's a judgement call by the maintainer whether the benefit of the change is worth the disruption of changed behavior on upgrades. Yeah I wish this had been for new installations only rather than changing the current configs without prompting, but as long as it's not a policy violation this concern of mine is essentially moot. Thank you very much for taking the time to answer this. -- Chris -- Chris Knadle chris.kna...@coredump.us -- To UNSUBSCRIBE, email to debian-qa-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550dd537.2080...@coredump.us
Re: Package modifying a user-modified config file? [Bug #780797]
On Sat, Mar 21, 2015 at 04:36:20PM -0400, Chris Knadle wrote: On 03/21/2015 04:10 PM, Jakub Wilk wrote: The only trouble is /etc/ssh/sshd_config, which is not a conffile for whatever reason. Ugh. Any file in /etc should be a conffile by Policy AFAICT so if this is so I should probably file a bug about it. No, there are both configuration files and conffiles according to policy (c.f. §10.7.1). The latter are what dpkg will prompt about when there are user modifications and the package is shipping a changed conffile. Note that there is only a prompt when the user has modified it. Cheers, -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy james...@debian.org signature.asc Description: Digital signature
Re: Bug#780797: Package modifying a user-modified config file? [Bug #780797]
On 2015-03-21 13:14:08 -0700, Russ Allbery wrote: Chris Knadle chris.kna...@coredump.us writes: At present the openssh-server and openssh-client packages are altering /etc/ssh/ssh_config and /etc/ssh/sshd_config without prompting the user beforehand, even when they've been locally modified. I've pointed section § 10.7.3 of Debian Policy: • local changes must be preserved during a package upgrade (Appendix E also discusses this which I saw later) however the argument being made now is that the particular section of the config being altered wasn't changed by the user. Correct. The Policy statement is about preserving user changes, not about never touching any file that a user has modified in any way. The package is free to modify unchanged portions of the configuration file, and this has been routinely done during package updates in Debian for as long as I've been involved in the project. I disagree. In such a case there would be *no way* for the user to tell Debian not to modify his configuration, i.e. an upgrade could silently break the user configuration, like this happened here. The only time where a maintainer script could change a config file modified by the user is when this is absolutely necessary, e.g. because the behavior changed in the software, an option has been renamed, and things like that. But even in these cases, this should be announced in the NEWS file. -- Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-qa-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150322021054.gl5...@xvii.vinc17.org
Re: Bug#780797: Package modifying a user-modified config file? [Bug #780797]
Vincent Lefevre vinc...@vinc17.net writes: On 2015-03-21 13:14:08 -0700, Russ Allbery wrote: Correct. The Policy statement is about preserving user changes, not about never touching any file that a user has modified in any way. The package is free to modify unchanged portions of the configuration file, and this has been routinely done during package updates in Debian for as long as I've been involved in the project. I disagree. You disagree that this is what Policy says, or you disagree that this is a good idea? If it's the latter, I understand your point. If it's the former, well, you can disagree, but you're incorrect. Sorry. You have probably been misled by dpkg's behavior with conffiles, but that's primiarly because dpkg conffile handling is at the per-file level, and only knows whether the file has changed at all. This is not how configuration files that are not conffiles have been handled, and it applies only at the file granularity with conffiles. Consider a configuration that's broken into four or five separate conffiles. The ones that the user didn't change have always been updated silently. The Policy statement here is primarily about semantics, not about files. In such a case there would be *no way* for the user to tell Debian not to modify his configuration, i.e. an upgrade could silently break the user configuration, like this happened here. Policy does not prohibit every thing that a maintainer might want to do that may not be a good idea. I get that you find the change surprising. I don't particularly agree with it either. But Policy is not the stick with which to solve every problem you might have with what a package maintainer chooses to do. Sometimes things are just old-fashioned bug reports. :) The only time where a maintainer script could change a config file modified by the user is when this is absolutely necessary, e.g. because the behavior changed in the software, an option has been renamed, and things like that. That's certainly a valid point of view, but this is not the line that Debian has historically drawn. And drawing that line would result in a lot more prompting during dist-upgrades, so there's a tradeoff here. But even in these cases, this should be announced in the NEWS file. I'm inclined to agree with you in this case, but Policy doesn't currently make that a requirement. -- Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to debian-qa-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87bnjleot1@hope.eyrie.org
