Package: debsecan Version: 0.4.3.5 Severity: serious Justification: Policy 10.7.3, http://release.debian.org/etch_rc_policy.txt (3., last paragraph)
$ cat /etc/cron.d/debsecan # cron entry for debsecan # # AUTOMATICALLY GENERATED # (Delete the preceding line if you edit this file.) 40 * * * * daemon test -x /usr/bin/debsecan && /usr/bin/debsecan --suite etch --mailto root --cron # (Note: debsecan delays actual processing past 2:00 AM, and runs only # once per day.) This is not acceptable behavior. In detail: The postinst script of debsecan overwrites local changes, because the config script does not look into the configuration file, just into the debconf database (which is *not* meant as a registry), and the postinst relies on the debconf information and the presence of the "AUTOMATICALLY GENERATED" line. Since all that debsecan-create-cron does is to choose a random time, set the suite and decide whether the file should exist at all, it shouldn't be hard to do that in a policy-conformant way: - chosing a random time is only needed when the file doesn't exist - the suite can be changed by a simple "sed -i" command - I suggest not to remove the file, but instead add a comment sign before the cron line (or remove it, to enable), which can also be done easily with sed. Regards, Frank -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing'), (99, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages debsecan depends on: ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy ii python 2.4.4-2 An interactive high-level object-o ii python-apt 0.6.19 Python interface to libapt-pkg Versions of packages debsecan recommends: ii cron 3.0pl1-100 management of regular background p ii exim4 4.63-17 metapackage to ease exim MTA (v4) ii exim4-daemon-light [mail-tran 4.63-17 lightweight exim MTA (v4) daemon -- debconf information: * debsecan/report: true * debsecan/suite: etch -- Dr. Frank Küster Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich Debian Developer (teTeX/TeXLive)
