On 03/21/2015 04:14 PM, Russ Allbery wrote: > Chris Knadle <chris.kna...@coredump.us> writes: > >> At present the openssh-server and openssh-client packages are >> altering /etc/ssh/ssh_config and /etc/ssh/sshd_config without >> prompting the user beforehand, even when they've been locally >> modified. I've pointed section § 10.7.3 of Debian Policy: > >> • local changes must be preserved during a package upgrade > >> (Appendix E also discusses this which I saw later) > >> however the argument being made now is that "the particular section >> of the config being altered wasn't changed by the user". > > Correct. The Policy statement is about preserving user changes, not about > never touching any file that a user has modified in any way. The package > is free to modify unchanged portions of the configuration file, and this > has been routinely done during package updates in Debian for as long as > I've been involved in the project.
:-( Okay. That I didn't know. There's an extent to which this is understandable, and an extent to which it's a bit frightening because it means I can't know what I'll be notified concerning changes to my own config files and therefore how my system runs. >> This is the current bug (severity serious): > >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780797 > > I think the maintainer should downgrade the severity of this bug, since I > don't think it meets the definition of serious, but I'll leave that to > Colin. > > Separately, I personally am not fond of this change and would rather that > it only take effect on new installations, not existing installations. I > find the security argument for this change to be rather dubious. But this > is not a Policy violation; it's a judgement call by the maintainer whether > the benefit of the change is worth the disruption of changed behavior on > upgrades. Yeah I wish this had been for new installations only rather than changing the current configs without prompting, but as long as it's not a policy violation this concern of mine is essentially moot. Thank you very much for taking the time to answer this. -- Chris -- Chris Knadle chris.kna...@coredump.us -- To UNSUBSCRIBE, email to debian-qa-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/550dd537.2080...@coredump.us
