[Logcheck-devel] Bug#453519: Bug#453519: logcheck-database: amavisd-new file looks like the one shipped by amavisd-new
Frédéric Brière
fbriere at fbriere.net
Mon Aug 24 16:37:44 UTC 2009
On Sun, Aug 23, 2009 at 06:47:56PM -0700, Russ Allbery wrote:
> > + [ -e "$CONFFILE" ] || return 0
>
> It probably doesn't matter, but I'd use -f here.
You're right, it would be better.
> I would tend to not do this and instead just leave the file in place since
> it does still work. I think it's arguable that moving the file aside such
> that it is no longer active would constitute discarding user configuration
> in a way that logcheck shouldn't, Policy-wise, do.
Yeah, that conffile meddling is a thorny issue.
My concern is that this would introduce a discrepancy between the two
cases; why is it OK to move a modified conffile if it's been dropped out
of the package today, but not if it's been dropped two years ago? (Not
to mention that dpkg will probably confuse the latter for the former.)
I also worry a bit about old crappy rules which could match too much;
although logcheck probably should not be relied upon for security, it
seems wrong to silently leave them behind.
In an ideal world, I guess we should ask the user. The wiki can afford
to sidestep the issue, because removing a conffile usually means it is
obsolete and would no longer be read anyway. However, that's not the
case here, and moving the conffiles does have an impact. :(
--
Linux: Where Don't We Want To Go Today?
-- Submitted by Pancrazio De Mauro, paraphrasing some well-known sales talk
More information about the Logcheck-devel
mailing list