On Mon, 28 Jun 2004, Ian Jackson wrote: > Package: apache > Version: 1.3.26-0woody5 > > The security update to apache changed my httpd.conf and srm.conf in a > way that meant my system's website disappeared. > > I did get offered `Save these changes to the configuration files? [Y/n]' > and said yes, but:
You accepted a new configuration without checking it. It is exactly the same as many other tools to handle configurations. > * Security updates should be safe. In particular, security updates > should be doable with less care, checking, presence of mind, > etc. etc. than an elective upgrade. Negative. Security updated fix a bit of the code. The rest of the package stays the same. Please check: http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-security for more information. > * The default should not be to override a user-changed configuration. You asked for it once you told the script "Yes". You have been prompeted and warned. > * The default should not be to disable an existing website by > changing the DocumentRoot to the Debian default. Same as above. > * The question was preceded by a large amount of largely irrelevant > messages. This is not true in sarge/sid anymore. In any case there is nothing left as a bug in here. Fabio -- <user> fajita: step one <fajita> Whatever the problem, step one is always to look in the error log. <user> fajita: step two <fajita> When in danger or in doubt, step two is to scream and shout.
