[SCM] Debian branch, master, updated. debian/1.2.2-3-25-ge9ee5ec

[Xavier Guimard]

The following commit has been merged in the master branch:
commit f5b283aa7567a9c3f013e3983e50dbd47a35f7c5
Author: Xavier Guimard <x.guimard at free.fr>
Date:   Wed Apr 10 13:16:06 2013 +0200

    Add comments for lintian-overrides files

diff --git a/debian/changelog b/debian/changelog
index ea348a8..949711c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,10 +4,6 @@ lemonldap-ng (1.2.3-1) UNRELEASED; urgency=low
   - lemonldap-ng-portal/example/skins/common/portal.js adds a chunk of code
     with the comment "Code from http://snipplr.com/view/29434/" - shouldn't
     that be properly documented with copyrightholder and license?
-  - lintian-overrides: please document in a comment at the top of the files
-    (this will be shown by lintian along with the override) why these
-    non-standard permissions are necessary (not just "for security reasons",
-    but what is protected, and from whom?)
   - I am not sure all package dependencies are complete and correct, but I got
     confused and this may in part be an upstream problem. A thorough audit may
     be useful?
diff --git a/debian/liblemonldap-ng-conf-perl.lintian-overrides b/debian/liblemonldap-ng-conf-perl.lintian-overrides
index bc0bd70..5c2f2ae 100644
--- a/debian/liblemonldap-ng-conf-perl.lintian-overrides
+++ b/debian/liblemonldap-ng-conf-perl.lintian-overrides
@@ -1,5 +1,13 @@
+# lemonldap-ng.ini must be readable by www-data but not by other (db passwords
+# can be set here
 liblemonldap-ng-conf-perl: non-standard-file-perm etc/lemonldap-ng/lemonldap-ng.ini 0640 != 0644
+# If file storage is used for configuration, DB passwords can be stored here
+# so this directory must not be readable by all
 liblemonldap-ng-conf-perl: non-standard-dir-perm var/lib/lemonldap-ng/conf/ 0750 != 0755
+# If file storage is used for configuration, later configuration files will be
+# in 0640 mode. So the first is adjusted so
 liblemonldap-ng-conf-perl: non-standard-file-perm var/lib/lemonldap-ng/conf/lmConf-1 0640 != 0644
+# If file storage is used for sessions, user passord may be stored in this
+# directory, so it must not be readable by all but must be writable by www-data
 liblemonldap-ng-conf-perl: non-standard-dir-perm var/lib/lemonldap-ng/sessions/ 0770 != 0755
 liblemonldap-ng-conf-perl: non-standard-dir-perm var/lib/lemonldap-ng/sessions/lock/ 0770 != 0755
diff --git a/debian/liblemonldap-ng-handler-perl.lintian-overrides b/debian/liblemonldap-ng-handler-perl.lintian-overrides
index c242971..d465419 100644
--- a/debian/liblemonldap-ng-handler-perl.lintian-overrides
+++ b/debian/liblemonldap-ng-handler-perl.lintian-overrides
@@ -1,2 +1,4 @@
+# If file storage is used for sessions, user passord may be stored in this
+# directory, so it must not be readable by all but must be writable by www-data
 liblemonldap-ng-handler-perl: non-standard-dir-perm var/lib/lemonldap-ng/sessions/ 0770 != 0755
 liblemonldap-ng-handler-perl: non-standard-dir-perm var/lib/lemonldap-ng/sessions/lock/ 0770 != 0755
diff --git a/debian/liblemonldap-ng-portal-perl.lintian-overrides b/debian/liblemonldap-ng-portal-perl.lintian-overrides
index ac4ee6f..f6fa5c9 100644
--- a/debian/liblemonldap-ng-portal-perl.lintian-overrides
+++ b/debian/liblemonldap-ng-portal-perl.lintian-overrides
@@ -1,3 +1,5 @@
+# If file storage is used for sessions, user passord may be stored in this
+# directory, so it must not be readable by all but must be writable by www-data
 liblemonldap-ng-portal-perl: non-standard-dir-perm var/lib/lemonldap-ng/sessions/lock/ 0770 != 0755
 liblemonldap-ng-portal-perl: non-standard-dir-perm var/lib/lemonldap-ng/sessions/ 0770 != 0755
 

-- 
Debian