[pkg-fetchmail-maint] Bug#288063: Reopen? /etc/fetchmailrc contains
passwords
Jeremy S Bygott
jeremy at jsbygott.fsnet.co.uk
Tue Oct 4 18:47:39 UTC 2005
Hi, I see that Nico agreed with the bug report and wrote
hi,
you are right, it should be deleted. it will be fixed with
the next upload.
But are we happy about this? There is at least one reason why
fetchmail ( <= 6.2.5-12sarge1 ) does not purge this file. The message
in the postrm,
"Not removing /etc/fetchmailrc ..."
is uninformative but does show that non-deletion was a deliberate
decision by the postrm's author. And in the changelog.Debian.gz for
fetchmail (5.7.6-2) we read:
* Remind user that /etc/fetchmailrc is not removed on package
purge (we don't provide it, after all...)
That seems to be a good and decisive reason!
If you need more convincing (though other people are better qualified
to discuss it) please note that /etc/fetchmailrc is often customised
to include passwords (mine is). So removing the file might destroy
valuable data.
Say Bob's fetchmail installation is crufty and broken (bits of woody
fetchmail-common left around) and he wants to purge and reinstall.
Perhaps he's forgotten that /etc/fetchmailrc is his only convenient
record of his passwords? It's his own fault, of course, but it would
be courteous if fetchmail didn't purge them.
So I think the postrm should keep the file but explain better why the
file is being kept. Something like
# Remind administrator about /etc/fetchmailrc (bug #288063)
# Do not purge this file since it was not provided by package
# fetchmail (and may contain valuable data, passwords ...)
echo "Not removing /etc/fetchmailrc ..."
or, if you want more explanation in the purge logfile,
echo "Not removing /etc/fetchmailrc (file provided by administrator)..."
Best wishes,
J S Bygott
Oxford
More information about the pkg-fetchmail-maint
mailing list