[Logcheck-devel] Bug#453519: Bug#453519: Bug#453519: logcheck-database: amavisd-new file looks like the one shipped by amavisd-new

[Russ Allbery]

Frédéric Brière <fbriere at fbriere.net> writes:

> My concern is that this would introduce a discrepancy between the two
> cases; why is it OK to move a modified conffile if it's been dropped out
> of the package today, but not if it's been dropped two years ago?  (Not
> to mention that dpkg will probably confuse the latter for the former.)

If it's been modified, I actually wouldn't do it for that case either.  So
I guess I'm arguing that even the previous behavior was not what I would
have done.

> I also worry a bit about old crappy rules which could match too much;
> although logcheck probably should not be relied upon for security, it
> seems wrong to silently leave them behind.

Hm, yes, although that's also somewhat combining two different issues.
Generally the best way of fixing bad rules like that is to ship a newer
version of the configuration file that cleans out the bad rules.  So this
would apply to cases where there were both bad rules *and* the
configuration file for that application was dropped, which I would expect
to be less common.

Or are there a lot of existing cases where we know that the dropped
configuration files contained bad rules?

> In an ideal world, I guess we should ask the user.  The wiki can afford
> to sidestep the issue, because removing a conffile usually means it is
> obsolete and would no longer be read anyway.  However, that's not the
> case here, and moving the conffiles does have an impact.  :(

Yeah, exactly.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>