Your message dated Thu, 25 Oct 2012 14:49:49 +0000 with message-id <e1trokn-0005l9...@franck.debian.org> and subject line Bug#688500: fixed in scuttle 0.7.4-8 has caused the Debian Bug report #688500, regarding scuttle: configuration file in /var (policy 10.7): /var/lib/scuttle/config_debconf.inc.php to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 688500: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688500 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: scuttle Version: 0.7.4-7 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Control: found -1 0.7.4-6 Hi, during a test with piuparts I noticed your package modifies shipped files. The modified file is a configuration file that is placed in /var This is forbidden by the policy, see http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files 10.7.2: "Location: Any configuration files created or used by your package must reside in /etc. [...]" This file will be overwritten on upgrades/reinstallation, destroying local modifications. Violates 10.7.3. [following is the bug template for modifying conffiles, which may have some useful information, too] 10.7.3: "[...] The easy way to achieve this behavior is to make the configuration file a conffile. [...] This implies that the default version will be part of the package distribution, and must not be modified by the maintainer scripts during installation (or at any other time)." Note that once a package ships a modified version of that conffile, dpkg will prompt the user for an action how to handle the upgrade of this modified conffile (that was not modified by the user). Further in 10.7.3: "[...] must not ask unnecessary questions (particularly during upgrades) [...]" If a configuration file is customized by a maintainer script after having asked some debconf questions, it may not be marked as a conffile. Instead a template could be installed in /usr/share and used by the postinst script to fill in the custom values and create (or update) the configuration file (preserving any user modifications!). This file must be removed during postrm purge. ucf(1) may help with these tasks. See also http://wiki.debian.org/DpkgConffileHandling In https://lists.debian.org/debian-devel/2012/09/msg00412.html and followups it has been agreed that these bugs are to be filed with severity serious. debsums reports modification of the following files, from the attached log (scroll to the bottom...): /var/lib/scuttle/config_debconf.inc.php cheers, Andreas
scuttle_0.7.4-7.log.gz
Description: GNU Zip compressed data
--- End Message ---
--- Begin Message ---Source: scuttle Source-Version: 0.7.4-8 We believe that the bug you reported is fixed in the latest version of scuttle, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 688...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Marcelo Jorge Vieira (metal) <me...@debian.org> (supplier of updated scuttle package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 22 Oct 2012 02:18:10 -0200 Source: scuttle Binary: scuttle Architecture: source all Version: 0.7.4-8 Distribution: unstable Urgency: high Maintainer: Marcelo Jorge Vieira (metal) <me...@debian.org> Changed-By: Marcelo Jorge Vieira (metal) <me...@debian.org> Description: scuttle - Web-based social bookmarking system Closes: 688500 Changes: scuttle (0.7.4-8) unstable; urgency=high . * Fixed configuration file in /var (policy 10.7) (Closes: #688500) - Moving config_debconf.inc.php from /var/lib to /etc Checksums-Sha1: 6f63492057d60bce3846883c7486de96b58e64f6 1827 scuttle_0.7.4-8.dsc b85aa2e89020ecb1c06aab39406a32dbcc959274 13015 scuttle_0.7.4-8.diff.gz 7bdd3c0944a3ba9563b391a61189f52d7fa79017 181378 scuttle_0.7.4-8_all.deb Checksums-Sha256: fae08dee7cab3112455405df3226669a45bb90adeddeb4f67a67f8352b5e89e0 1827 scuttle_0.7.4-8.dsc 7198fedc6bbde084b82ebf7c10ec68ea13cf8dda181324ec8d671c769354cd60 13015 scuttle_0.7.4-8.diff.gz 5375d7a86dae0ec92907c5059ac010f3e9e6145919093eb5034388d29ae2cf1d 181378 scuttle_0.7.4-8_all.deb Files: 5b4bd4aec193b341957c0ac5c21db8e8 1827 web optional scuttle_0.7.4-8.dsc 3d581596e42245eaa88b24dfb4ebc520 13015 web optional scuttle_0.7.4-8.diff.gz 2f220c85751922fda9b53e6e911acef8 181378 web optional scuttle_0.7.4-8_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQiU4JAAoJEAGffgcyZKXEklsP/Ax0FawY8Ye9xLGHJjOj4VQ1 qk+oBBE1spXG+YWL7uQtQNmwmpWEjaqFqEKyMukSCBXx2ILmvwe9a6eCW8tBjVQN MltXGgpIrgwlpzFDcFhjzyRUPBoNdfDM0qgwKuz9h+alvf/rQQ3rhQdv+mXZj68R VzWAGVDocgeSlnd4uNuQcjXyR2Sy/yu0W/LIT/C+EIJI9m72g2ftCzY8LqDvU71g gWR6QevTB344GvGlhVtVe8rtF9sjKjiPUxL+S5QmxgTQo89VjKdbscXn+Oqxgeim M+NeTu5YUY15Gfumr7JS/12izqdbsBI5wWbKzZP6sS79SoEEh2Csm26fOwfhiH72 n5ZaC89YhSJpmhLM4teSoTjK/26FI0+RefAFFTQQzjP7MZX1WjYMa5HXYgEn/NWd x2yr8XABgYGYW3ZkX1wHm9jU5pFy8Vw/s4BwCuEz9WYbAhnXor96f4bvB5JQ7H2k UigfAxFrirD7UJpxaDMFV9Ie4+6ypCNJE7ZoIYBHH3CROjzoyqQpKKmql8PzZxRJ ZvvvQsEjF6Sfyos+3Zb20amIWAIxbuzEPICKdlxgCXG9kXgvR9rM7MMdSxhVZwgo 3ZbvOYQM8+Jo9QQ5PRFXZxi5nVSvktBU06tEWMXF79J+Syb2i2G72T3Fl58ES9// G4VtulVlOXwDi7fJMdFR =LwfY -----END PGP SIGNATURE-----
--- End Message ---
