Hi Don, On 02/08/17 23:36, Don Armstrong wrote: > > If this is a private package which you are using to enforce your local > configuration, just change the conffile in your postinst [possibly after > checking that the conffile hasn't been modified.] >
This can become pretty difficult, depending upon the config file format (*.xml, *.json, ...). Not to mention the config file conflicts on the next upgrade, even if the DM changed only a single comment line. Plus there is no notification to run my postinst script again. > If this is a package which you are planning on having anyone else use, > then you basically shouldn't be touching /etc/ssh/ssh_config or > /etc/ssh/sshd_config, because you're likely to break things horribly. > I am sorry, but "shouldn't" is not an option. I have to make sure that the host configuration follows certain rules on all machines, e.g. for introducing signed host certificates for sshd, for the ldap/kerberos integration, etc. Of course we all try to not "break things horribly". A working divert for config files is missing in Debian. Thanx very much for your response Harri
