[Logcheck-devel] Bug#453519: Bug#453519: Bug#453519: logcheck-database: amavisd-new file looks like the one shipped by amavisd-new
Russ Allbery
rra at debian.org
Mon Aug 24 22:39:06 UTC 2009
Frédéric Brière <fbriere at fbriere.net> writes:
> My concern is that this would introduce a discrepancy between the two
> cases; why is it OK to move a modified conffile if it's been dropped out
> of the package today, but not if it's been dropped two years ago? (Not
> to mention that dpkg will probably confuse the latter for the former.)
If it's been modified, I actually wouldn't do it for that case either. So
I guess I'm arguing that even the previous behavior was not what I would
have done.
> I also worry a bit about old crappy rules which could match too much;
> although logcheck probably should not be relied upon for security, it
> seems wrong to silently leave them behind.
Hm, yes, although that's also somewhat combining two different issues.
Generally the best way of fixing bad rules like that is to ship a newer
version of the configuration file that cleans out the bad rules. So this
would apply to cases where there were both bad rules *and* the
configuration file for that application was dropped, which I would expect
to be less common.
Or are there a lot of existing cases where we know that the dropped
configuration files contained bad rules?
> In an ideal world, I guess we should ask the user. The wiki can afford
> to sidestep the issue, because removing a conffile usually means it is
> obsolete and would no longer be read anyway. However, that's not the
> case here, and moving the conffiles does have an impact. :(
Yeah, exactly.
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the Logcheck-devel
mailing list