hi all, i learned from the debian-security-announce mailinglist that mantis (a php bugtracking system) has insecure permissions on the configfile that stores the database password. so i did an 'apt-get update ;apt-get upgrade' and was quite surprised, as this upgrade didn't just fix permissions on this file, but overwrote it without asking. it took me a while to find out what happened, and even longer, to restore the settings i had in this file, because the update didn't even bother backing up the original configuration.
so all you mantis users out there: be warned! make a copy of your /etc/mantis/config.php before upgrading. also if you don't use the default apache include, be sure to delete the include line in your apache conf after upgrading as the upgrade puts it in again, just to be sure to screw up things right. i'm very sorry for raising my voice, but WTF IS WRONG WITH THE GUY who maintains this package??? the reason i am using debian is just to avoid stuff like this. if i wanted upgrades to break my stuff i could as well use red hat or something.. alexander -- Alexander Meyer Key ID: FA4FC80C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]