-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Elijah and Adam!
Elijah wrote: > ...is extremely unclear. this prompt asks whether people want to > reconfigure the ports on which IMAP listens on, which may have security > implications for the system being used. this prompt DESPERATELY needs > to be rewritten in a more clear, explanatory, detailed way. Adam wrote (just a few minutes later): > This text is incomprehensible to me, a casual ipopd-user, long-time > GNU/Linux-user/administrator. > > Especially the first sentence puzzles me; enabling? What enabling? > And why would the port selection not be respected on > reconfiguration? Why would I want to ignore the changes I make > locally (and what is meant by 'locally'? Changes I make on my > machine are local by definition, or?!)? What would happen? I am very open to suggestions on this, but probably then need to introduce you to the problem behind the new debconf question: Local setup changes must be respected by Debian packages. Normally, if you want to use a tcp port for something unusual you avoid installing a Debian package using that port. But uw-imapd and ipopd both handle several ports on the system, and some users want to use some of the ports locally and some from the package. Debconf is nice. But it is not a mandatory tool for local admins, so if they choose to mess around with /etc/inetd.conf directly their changes must still be respected. That is, if debconf choices and actual inetd configuration are unequal, inetd configuration takes precedence. No, it is not possible to parse /etc/inetd.conf and update debconf, so that users of debconf can be asked (through debconf) if changes should be respected or not. The reason is that there's more than one inetd (xinetd being one of the alternatives) and the standard interface (update-inetd) does not support querying the current state, only apply requested changes. So, you find the new question odd? I do too, but can't figure out a better one myself. Only better solution I can come up with is to drop using debconf. But that would be horrible to those that have already responded to the debconf question and now expect their answers to be maintained. Elijah also wrote: > i am filing this bug as a critical security bug because of the strong > possibility that folks will make bad decisions based on the unclear > prompt. You did in fact only file it as "normal" (probably because you used reportbug and could provide an acceptable reason for raising it higher). Adam marked it as wishlist - but I agree it stinks, so have sttled on "normal". Raise it if you feel like it (but beware that if uw-imap is pulled from sarge then off goes most webmail applications too!). Please come up with something brilliant! Regards, - Jonas - -- * Jonas Smedegaard - idealist og Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ - Enden er nÃr: http://www.shibumi.org/eoti.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCTaOTn7DbMsAkQLgRAkDbAKCUdutlWdIKiQ7yWFhX2noGoPRXPwCePnr2 EhfG8x07OmQpXVuX34lF4iU= =YMGs -----END PGP SIGNATURE-----
