Sam Hartman <hartm...@debian.org> writes:
>>>>>> "Andreas" == Andreas Hasenack <andr...@canonical.com> writes:

>     >> And what dependency should a package that wants to use included
>     >> fragments have to ensure that those included fragments are
>     >> loaded?

> I don't think you can.
> An administrator might remove the includedir.
> krb5.conf might be a symlink.
> I think the strongest hint you can make is breaks krb5-config <<
> version.

I'm not sure what that means for https://bugs.debian.org/756880 then.  I
want to move the minimum_uid setting into a configuration fragment so that
people can easily change it as a conffile instead of having to stop using
pam-auth-update if they need to change it.  But if that setting is not
applied somehow, this may allow local root compromise in pathological
cases of Kerberos realms where people have unexpected principal names.

I guess I can yell really loud in NEWS.Debian and call that good enough.
Or add some postinst probe to make sure that the include is present,
although I hate doing that because it means debconf, translations, and all
of that machinery.

Of course, this work is not required to solve my problem in a separate
package.  :)  I was just hoping that it would.

-- 
Russ Allbery (r...@debian.org)              <https://www.eyrie.org/~eagle/>
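
Added example, not part of the original message and not code from krb5-config or pam-krb5: a sketch of the kind of include probe discussed above, written as shell functions a maintainer script could call. The function names and return codes are hypothetical, the paths in the usage comment are assumptions, and the matching follows MIT krb5's documented `includedir` behaviour.

```shell
#!/bin/sh
# Added example: check whether a krb5.conf would load fragments from a
# given directory. Function names and return codes are hypothetical.

# krb5_probe_include CONF DIR
#   0  CONF has an "includedir DIR" directive and DIR exists
#   1  CONF is readable but never includes DIR
#   2  CONF is missing or unreadable (covers a dangling symlink)
#   3  DIR does not exist (for example, removed by the administrator)
krb5_probe_include() {
    conf=$1
    want=${2%/}                      # tolerate a trailing slash
    [ -r "$conf" ] || return 2
    [ -d "$want" ] || return 3
    # The directive must start the line; "#" or ";" comment lines and
    # indented text are not treated as directives here.
    awk -v want="$want" '
        /^includedir[ \t]+/ {
            d = $2
            sub(/\/+$/, "", d)
            if (d == want) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$conf"
}

# krb5_fragment_name_ok NAME
#   MIT krb5 only reads files in an included directory whose names are
#   all alphanumerics, dashes or underscores, or (release 1.15 and later)
#   end in ".conf" and do not begin with ".". Anything else is skipped
#   silently, so a setting placed there would not be applied.
krb5_fragment_name_ok() {
    name=${1##*/}
    case $name in
        ''|.*)              return 1 ;;
        *.conf)             return 0 ;;
        *[!A-Za-z0-9_-]*)   return 1 ;;
        *)                  return 0 ;;
    esac
}

# Possible use from a maintainer script (paths are assumptions):
#   krb5_probe_include /etc/krb5.conf /etc/krb5.conf.d ||
#       echo "warning: fragment directory is not included" >&2
```

A passing probe only shows that the directive is present in the file that was inspected; it does not show which value of a setting ends up in effect after all fragments are merged.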
