Package: mrtg
Version: 2.17.10-5+deb12u1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Control: block 1040860 with -1

Hi,

during a test with piuparts I noticed your package modifies conffiles.
This is forbidden by the policy, see
https://www.debian.org/doc/debian-policy/ch-files.html#configuration-files

10.7.3: "[...] The easy way to achieve this behavior is to make the
configuration file a conffile. [...] This implies that the default
version will be part of the package distribution, and must not be
modified by the maintainer scripts during installation (or at any
other time)."

Note that once a package ships a modified version of that conffile,
dpkg will prompt the user for an action how to handle the upgrade of
this modified conffile (that was not modified by the user).

Further in 10.7.3: "[...] must not ask unnecessary questions
(particularly during upgrades) [...]"

If a configuration file is customized by a maintainer script after
having asked some debconf questions, it may not be marked as a
conffile. Instead a template could be installed in /usr/share and used
by the postinst script to fill in the custom values and create (or
update) the configuration file (preserving any user modifications!).
This file must be removed during postrm purge.
ucf(1) may help with these tasks.
See also https://wiki.debian.org/DpkgConffileHandling

In https://lists.debian.org/debian-devel/2012/09/msg00412.html and
followups it has been agreed that these bugs are to be filed with
severity serious.

debsums reports modification of the following files,
from the attached log (scroll to the bottom...):

  /etc/mrtg/mrtg.cfg


My impression is that the unmodified new conffile (from bookworm) gets
overwritten with the unmodified old conffile (from bullseye), something
that shouldn't happen.

I'd suggest to withdraw the 2.17.10-5+deb12u1 bookworm-pu update and
revisit that for the next point release (there is no time left to fix
this properly before saturday). I have some idea how this could be
solved better, but I need to try that first.


cheers,

Andreas

PS: piuparts runs under DEBIAN_FRONTEND=noninteractive

Attachment: mrtg_2.17.10-5+deb12u1.log.gz
Description: application/gzip

Reply via email to