[Pkg-mediawiki-devel] Bug#388616: Can reports of serious policy violations be downgraded to important?

Marc Dequènes (Duck) duck at duckcorp.org
Wed Feb 7 13:54:29 CET 2007


Romain Beauxis <toots at rastageeks.org> writes:

> * To me the violation is not that severe since the file is located in /etc 
> after all. I understand that others may not think the same way, but that is 
> my point.

There is a symlink, so the user should have no problem with it. At least
this is the first time someone report this as being a real problem.

Note for the release team: as explained by Toots, a failed upgrade
cannot occur with a proper install. Then, we cannot guess what
filesystem changes the sysadm decided and react accordingly, so removing
the symlink, as it is first installed, is a mistake.

At the time the package was first made, i recall the mediawiki code was
not able to locate all the files correctly, so it may have been a reason
for this.

> * Let think a moment of what involved solving this issue. It involves:
>   - Changing the patch for installation messages to reflect the /etc location
>   - Adding a patch for defining this MW_INSTALL_PATH
>   - Changing the documentation for reflecting this new path too
>   - Changing the automated update script
> And, perhaps the most important:
>   - Add an updating code which detects wether the configuration is in /etc or 
> in /var and apply the good changes. Of course, in order not to blow again any 
> file, this script as to be started before the packages files are copied.
>   - Also, you may add an advice to the administrator via debconf so that he is 
> aware of this change in his configuration.

This is risky, and such amount of changed would never be accepted by the
release team as the package is perfectly usuable.

> Now ok, I am not a blocker, if others come and say that it has to be solved 
> I'll do it of course, but it is not my opinion. In particular, I would like 
> to hear for Marc and perhaps the release team on what I wrote above.

This is to be corrected in 1.9 in experimental, and released post-Etch ;
this is the most sensible way to fix it, so as to have the upgrade
script do it seamlessly without endangering a running site.

Marc Dequènes (Duck)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20070207/626b2867/attachment-0001.pgp

More information about the Pkg-mediawiki-devel mailing list