Thijs Kinkhorst sent the following at 19/05/2008 08:52:
severity 481469 minor
thanks

Hi Fabio,

Thanks for bringing this to our attention.

I see that the upgrade which deprecates mail_extra_groups is regarded as
having been fixed. However, I don't think the fix is optimal for most of
us. I opted to use my old config file when upgrading as there was no clear
warning not to do this,

There /is/ a clear warning not to do that, and it is in the advisory text. This is the place where updates to stable security and their consequences are announced.

Besides, in general in Debian users not accepting config file changes on upgrade are considered themselves responsible for fixing it up, and this is especially so in the case of a security upgrade when you as a user can expect that that change has not been made lightly.

It's a pity that the error warnings are not very clear, but that is a minor issue and not something appropriate to be changing in a security update. It also doesn't render the package unusable.

I'm marking the bug as minor. You can ask the stable release team if they're willing to accept an update for this, but it's out of the scope of the security team.


cheers,
Thijs

I accept that it was stupid not to accept the installation conf file, and I don't have any idea what makes something worthy of a security upgrade; I wasn't actually asking for a security bug fix.

It seems to me that anyone who was hit by this one will either have sorted this out by now (or not be able to pick up email if they're IMAP/POP dependent!) so I too can see that it's not really a security upgrade. Given that, I'm not even sure there's that much point in the stable release team fixing it, but surely what's needed is for this to go into bugzilla so that Google searches will pick it up and for the upstream and perhaps the security team, if it was their change, to agree:
a) the meaning of "deprecated", I think it was incorrectly used here and should have said "has been disabled and the program will not run with this option still in the conf file"
b) documenting such changes in the package docs,
c) to restart such processes if they have had a change made that could crash an old conf file: at least that way such things will show up immediately helping us understand what's happened.

For the record, the change did make the package unusable but not until the next time the process is restarted and it made it unusable with no error message and no documentation clarifying the change nor is there such clarification in the upstream wiki. I do think that needs documenting in hope that future upgrades avoid this.

Many thanks,

Chris



