On Wed, Jul 02, 2003 at 06:34:53PM -0400, Jim Penny wrote: > > > It breaks 100% of stunnel installations. The old stunnel was > > > command line oriented, the current one is configuration file > > > oriented. It would be very difficult to write a converter.
> > > I am going to disagree with most responders here. I think that in > > > the case that if upgrading a package introduces substantial risk of > > > breakage, a debconf message is quite appropriate. When a security > > > related package has high risk of breakage, it is urgent. > > > Now, this breakage happens to be somewhat benign, in that without > > > configuration, it does not function at all. But it is also somewhat > > > difficult to test for many uses. Further, when the unconfigured > > > system fails to start, the failure is completely silent. This adds > > > to the problems. > > My original argument stands: we should not be telling our users that > > we broke their system, because we shouldn't be breaking it in the > > first place. In this instance, it sounds to me like a bout of > > upstream bogosity has resulted in a rather grave regression in the > > quality of the software. Why would it ever be a good idea to *not* > > give users the ability to control the program using commandline > > options? > Because of security considerations. The configuration file is read on > startup, and then stunnel chroots away, so that it is no longer visible. > The command line interface leaked information, internal IP > structure, internal ports, etc. that a really paranoid person might > prefer not be visible. This is still a stupid reason to break support for the previous method of configuration. A really sane person has better things to worry about than whether someone logged into his server can see where a given SSL tunnel is forwarding to. Things like, not having his system broken by software upgrades. > While it is indeed preferable to not break things, there are times when > avoiding breakage is quite difficult. This appears, to me, to be > one of those times. Not to me. -- Steve Langasek postmodern programmer
pgpompCzBN07L.pgp
Description: PGP signature
