Control: severity -1 serious

Hello!

While looking at the atftp source for #777783 and finding it not to be in
the best shape, I also stumbled on packaging issues, as already reported
in this bug report (#412185), which seem like policy violations to me.
Adjusting severity accordingly.

The already reported problem of overwriting configuration is definitely
serious, and doing it without even leaving a backup of the old
configuration is possibly even grave.

It was not obvious to me how/if /etc/default/atftpd actually would/could
get overwritten but I spotted the following related issues in
debian/atftpd.postinst:

overwrites or removes /etc/logrotate.d/atftpd

reconfigures system (e.g. update-inetd) without updating
/etc/default/atftpd if it already exists, possibly leaving configuration
in an inconsistent state.

Re-creates /etc/default/atftpd if admin has removed it.


The above problems seem to be by-products of the "fix" for Bug#266329.
Previously the package would guard against overwriting user config by
asking the user if reconfiguration was wanted. This is not the best
approach but probably would avoid RC-bugginess. A more modern approach
would be to generate new configuration to temporary files and use
ucf to update the system config.


While at it I also noticed:

direct calls to /etc/init.d/atftpd instead of using invoke-rc.d,
overriding daemon policies.

# egrep BASEDIR=.?/ debian/at*
debian/atftpd.postinst:BASEDIR=/srv/tftp
debian/atftpd.postrm:    BASEDIR="/var/lib/tftpd"


It seems this package needs a serious overhaul both of the upstream code
and the packaging to get it into good condition. Maybe it would be
better to have it removed since there seem to be multiple other tftp
implementations available to choose from.

Regards,
Andreas Henriksson
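
The ucf and invoke-rc.d approach mentioned in the message above, sketched as maintainer-script functions. This is an added example, not part of the original message or the atftpd packaging; the function names, their arguments and the keys written to the file (USE_INETD, OPTIONS) are assumptions.

```sh
#!/bin/sh
# Added illustration; not the atftpd package's own maintainer script.
# PKG and DEFAULTS use the names from the report. The keys written by
# render_defaults (USE_INETD, OPTIONS) and its arguments are assumptions.
: "${PKG:=atftpd}"
: "${DEFAULTS:=/etc/default/atftpd}"

# Print the candidate configuration built from the installer's answers.
render_defaults() {
    printf 'USE_INETD=%s\n' "$1"
    printf 'OPTIONS="--daemon %s"\n' "$2"
}

# postinst configure: write the candidate to a temporary file and hand it
# to ucf, which compares it with the installed copy instead of clobbering it.
update_defaults() {
    tmp=$(mktemp) || return 1
    render_defaults "$1" "$2" > "$tmp"
    rc=0
    # --debconf-ok: the script already uses debconf, so ucf may prompt through it.
    ucf --debconf-ok "$tmp" "$DEFAULTS" || rc=$?
    # Register the file so it can be mapped back to the owning package.
    if [ "$rc" -eq 0 ]; then ucfr "$PKG" "$DEFAULTS" || rc=$?; fi
    rm -f "$tmp"
    return "$rc"
}

# Restart through invoke-rc.d so the local policy-rc.d is honoured.
restart_daemon() {
    if command -v invoke-rc.d >/dev/null 2>&1; then
        invoke-rc.d "$PKG" restart
    else
        /etc/init.d/"$PKG" restart
    fi
}

# postrm purge: remove the file and ucf's records of it.
purge_defaults() {
    rm -f "$DEFAULTS"
    if command -v ucf >/dev/null 2>&1; then ucf --purge "$DEFAULTS"; fi
    if command -v ucfr >/dev/null 2>&1; then ucfr --purge "$PKG" "$DEFAULTS"; fi
}
```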

