[Secure-testing-team] Bug#497622: runs along after package removal

W. Martin Borgert debacle at debian.org
Wed Sep 3 06:20:43 UTC 2008


Package: proftpd
Version: 1.3.1-13
Tags: security

IMHO, proftpd should be stopped when removing the package.
Having a running FTP server unknowingly can be a security problem.

# apt-get install proftpd
(proftpd-basic and proftpd-mod-{ldap,mysql,pgsql} get installed)
(dc: proftpd-basic shared/proftpd/inetd_or_standalone select standalone)
# ps ax|grep proftpd
# /etc/init.d/proftpd start
# ps ax|grep proftpd
1234 ?        Ss     0:00 proftpd: (accepting connections)
# apt-get remove proftpd
(apt-get does not remove proftpd-* here)
# ps ax|grep proftpd
1234 ?        Ss     0:00 proftpd: (accepting connections)
# apt-get remove proftpd-basic
(apt-get removes also the proftpd-mod-* packages)
# ps ax|grep proftpd
# (it's gone, good)

The problem is that the stupid admin (that's me) installs and
removes the package "proftpd", without knowing that they must
also remove proftpd-basic.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages proftpd depends on:
ii  proftpd-basic                 1.3.1-13   versatile, virtual-hosting FTP dae
ii  proftpd-mod-ldap              1.3.1-13   versatile, virtual-hosting FTP dae
ii  proftpd-mod-mysql             1.3.1-13   versatile, virtual-hosting FTP dae
ii  proftpd-mod-pgsql             1.3.1-13   versatile, virtual-hosting FTP dae

-- no debconf information
(See the proftpd-basic entry above.)
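
A check for the situation reported above, as an added example that is not part of the original message or of the Debian packaging: it lists processes still running from packages that a metapackage pulled in and that remain installed after the metapackage itself was removed. The function names are hypothetical; it assumes a Debian system with apt-cache and dpkg-query, and root privileges to read other users' /proc/PID/exe links.

```shell
#!/bin/sh
# Added example: find daemons left running after a metapackage was removed.
# Function names are hypothetical; apt-cache and dpkg-query are standard Debian tools.

# Dependencies the metapackage pulls in (Depends, PreDepends and alternatives).
# Works after removal as long as the package is still in the APT lists.
meta_deps() {
    apt-cache depends "$1" | awk '$1 ~ /Depends:$/ { print $2 }'
}

# True if the package is currently installed.
pkg_installed() {
    [ "$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null)" = "install ok installed" ]
}

# Files shipped by an installed package, one path per line.
pkg_files() {
    dpkg-query -L "$1" 2>/dev/null
}

# "PID EXE" for every process whose executable link can be read.
running_exes() {
    for p in /proc/[0-9]*; do
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        printf '%s %s\n' "${p#/proc/}" "$exe"
    done
}

# Print "PACKAGE PID EXE" for each running process whose executable belongs
# to a still-installed dependency of the metapackage given as $1.
leftover_daemons() {
    procs=$(running_exes)
    for pkg in $(meta_deps "$1"); do
        pkg_installed "$pkg" || continue
        files=$(pkg_files "$pkg")
        printf '%s\n' "$procs" | while read -r pid exe rest; do
            [ -n "$exe" ] || continue
            if printf '%s\n' "$files" | grep -Fxq -- "$exe"; then
                printf '%s %s %s\n' "$pkg" "$pid" "$exe"
            fi
        done
    done
}

# When run as a script with an argument, e.g.:  sh leftover.sh proftpd
if [ "$#" -gt 0 ]; then
    leftover_daemons "$1"
fi
```

Any line of output names a package to stop and remove explicitly, since removing the metapackage alone left its service running.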




