Package: bandersnatch-frontend Version: 0.3-2 Severity: serious Justification: Policy 10.7.2
The config file for bandersnatch-frontend is located at: /usr/share/bandersnatch-frontend/includes/config.inc.php The postinst creates a symlink in /etc/jabber which links to this file. Instead, the config file should be in /etc/jabber, and /usr/share/bandersnatch-frontend/includes/config.inc.php should be a symlink to /etc/jabber/bandersnatch-frontend.conf.php Also, since this file contains a password to connect to mysql, is should probably be readable only by root and the www-data user/group. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (100, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.27 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages bandersnatch-frontend depends on: ii apache 1.3.33-4 versatile, high-performance HTTP s ii bandersnatch 0.3-2 Log Jabber conversations to a peer ii libapache-dbi-perl 0.94-2 Connect apache server to database ii php-auth 1.2.3-2 PHP PEAR modules for creating an a ii php-html-template-it 1.10-3 PEAR HTML Template IT ii php4 4:4.3.10-9 server-side, HTML-embedded scripti ii php4-mysql 4:4.3.10-9 MySQL module for php4 ii php4-pear 4:4.3.10-9 PEAR - PHP Extension and Applicati -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
