Package: a2d
Version: 2.0.1-1
Severity: serious
Justification: Policy 10.7.3
Found during package review:
postinst has:
#Remove user conf files
case "$1" in
purge|remove|deconfigure|disappear)
# Remove the user-generated configuration file
if [ -e "/etc/a2d" ]; then
rm -r /etc/a2d
fi
if [ -e "/var/lib/a2d" ]; then
rm -r /var/lib/a2d
fi
if [ -e "/var/log/a2d_gu_error.log" ]; then
rm -r /var/log/a2d_gu_error.log
fi
;;
*)
# For other cases, do nothing
;;
esac
Multiple issues.
- Deleting user data is postinst must only done when purging.
- /etc/a2d is handled as conffile, it it dpkg's job to clean it up.
- /var/lib/a2d and /var/lib/a2d/dbs is also shipped with the package,
and removing the directories should also be left to dpkg.
(If possible the package should only delete the files it has
created itself.)
