Ola Lundqvist <[EMAIL PROTECTED]> (21/04/2006): > On Fri, Apr 21, 2006 at 12:14:01PM +0200, Thomas Huriaux wrote: > > But if your package does nothing else than providing help to the > > administrator, why don't you create a simple binary to display these > > instructions? I still don't understand the reason to display these > > instructions during the installation process, at it does not change > > anything for the package usability. > > Why should I create a binary when I can just write it in a documentation.
My idea with a binary was to remove the conflicts, and to let the user
choose what to be removed or not by launching this binary. For example:
test if servers with plaintext passwords are installed
if true
display harden-servers/plaintext
prompt the user to remove the incriminated package
if yes
removal of the incriminated package
But that would change the philosophy of the package.
> The usefulness of this package is that the admin will know about
> this _during_ the installation.
>
> I still do not understand why you have a problem with this.
Because installation is not the place to care about this. As I've said,
the purpose of a package should be documented on places such as package
description, project website, ..., the use of a package should be
documented in manpages, README files, etc. Keep the things where they
belong.
Just imagine that every package displays debconf notes such as your
package does (i.e. notes that are not related with the package
configuration). I really think that Debian would be unconfigurable, as
every package would stop the installation procedure many times
(especially true for harden/welcome, even if it is also true for the
other notes).
Another problem that I see with this: during the installation procedure,
I usually only want to configure the newly installed packages. In this
case, I'm installing the harden suite and plenty of other packages. As
I've seen that the Debconf notes were not related with the configuration,
I just read them but took no action immediatly, as it is better to finish
the full installation before reconfiguring other packages. Now that my
installation is finished, I want to make my system secure.
I don't think that dpkg-reconfigure harden-servers is the intuitive
way to find the instructions (this is especially true for the
harden-servers/vncserver and harden-servers/inetd notes).
Finally, I would accept some notes being displayed during the installation
procedure, but only before being prompted by apt/aptitude if I accept to
remove packages that conflict with harden* (in the case of
harden-servers/plaintext and harden-clients/plaintext). This is
unfortunately not possible, AFAIK. With the current conception of the
package, these notes are displayed too late to be useful during the
installation procedure.
Conclusion: If you want to keep the current philosophy of the package
without bothering users with pointless notes, you should take the
following actions:
* remove harden/welcome (or move it to a README.Debian file)
* remove harden-*/plaintext and emphasize (if needed) the package
description about the conflicts
* provide documentations such as README, manpage, ... for
harden-servers/inetd and harden-servers/vncserver (and of course
remove those notes)
Cheers,
--
Thomas Huriaux
signature.asc
Description: Digital signature
