-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 tags 895135 - security severity 895135 wishlist thanks
Hello Roger, thank you for spending your time helping to make Debian better with this bug report. Some comments on your bug report: The steps required to use the update-resolv-conf script are described in the README.debian. [Quote] You want to install resolvconf package. [/ Quote] So openvpn also runs on installations that due to the policy do not allow resolvconf, resolvconf is only marked as suggests. > The exit 0 needs to be replaced by > > 1. A message in the log "Looks like you have forgotten package > resolvconf" Good idea. Will we implement. > 2. At exit 1 to assure that the openvpn client can not start. No. The change means a fundamental change to the behavior of the script. The danger that then existing installations the openvpn connections not working properly is too high. > 3. Nice to have: A notification to Joe that his openvpn setup is > broken. No. Is not possible because the script must also running without any graphical user interface. Summary: This bug is a problem due to the manual setup. If the script is by a user and / or an admin is used, are also the requirements (here installation of resolvconf) to fulfill. As already written the change of the behavior of the script is without problems not possible with existing installations. But it is free for everyone to adapt the script to his needs. In the described scenario, the real problem is the use of a possible manipulated name server. This can be easily prevented by a proper system setup. I therefore change the severity to wishlist and remove the security tag. CU Jörg - -- New: GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D GPG key (long) : 09F89F3C8CA1D25D GPG Key : 8CA1D25D CAcert Key S/N : 0E:D4:56 Old pgp Key: BE581B6E (revoked since 2014-12-31). Jörg Frings-Fürst D-54470 Lieser git: https://jff.email/cgit/ Threema: SYR8SJXB Wire: @joergfringsfuerst Skype: joergpenguin Ring: jff Telegram: @joergfringsfuerst My wish list: - Please send me a picture from the nature at your home. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEY+AHX8jUOrs1qzDuCfifPIyh0l0FAltdo5EACgkQCfifPIyh 0l2zlBAAnkGM9b7YmeTRvT0kF1CI8NcGZsC8NbfhnfTF12F9dces0dgRMSZBx2u7 KQUbSsht3VAuD+q5bXSpdb88njBd3+fipReDFPXIZPBGLiD4qUpUdajo1K9FNL8R 61OIM/7jtT4B748cmsIpy+OZf/Hc5PEsTZuor2Xdjm15Zv9VkRv5QhoN0vF7STSa gaiJHsEtKRbvhx532CduneYW/EOhgw5mfLcNY/KHjBiGa88uhsyPrWXnEQ5ApbX6 6cZsnGS2LIIyeCobxg4dio4HsJ2MZrf+vHqiypZntmSuOSrBf8NJlu79DPYK38T8 Byw523cK7V9htscYwVu5NrbcEdCVsj+8j9WAWkXpUujrma8P0zPX8eROZPqkj23J nioj9EdPFHKyzaPsJ8eyM16FXmVBiGguHMeI1J72Pr1Rc9e+pM8ZUt71Ju23WbPF flkTKOFYinyX2e43HA+hmJQ/P0UJyEUwKJG+4XRKU8dJ0TYEGEhNXkphzxRLyW23 952lBpiCujLdrywBNUNeLEIB0Pp0XDf6LYEJILyoOxENrQBfHb9VPMYyMH5VfQUx hwUSxx0aAzCaF10AxzozNFG5dUFcDc4UZXsNi1j5doZMU7rDuz0Z0Dn4tJXcF2In FHnkkaDr0wh2TWVaZB/yjviAw7HEa9049dd98zWKM49rtEmyUHI= =xgym -----END PGP SIGNATURE-----
