On Thu, Dec 17, 2009 at 5:51 PM, Michael Gilbert <michael.s.gilb...@gmail.com> wrote: > On Thu, 17 Dec 2009 16:13:36 +0200, Teodor wrote: >> As it can be seen postinstall already has a check for the existence of the >> config >> file /etc/cacti/apache.conf. Please add the same check for creating the >> symlink. > > this may very well appear to be an issue, but i don't think removing > conf files is a good way of trying to increase security. it is > certainly not the debian way, and i think all bets are off when it > comes to what packages do when their files have gone missing.
I think this is covered by Debian policy, at least for init.d scripts which are also considered configuration files. > it is much more optimal to manually edit the conf files to achieve > whatever security level you desire. as an added bonus, when you > upgrade the package, you will get the option to keep your modified conf > files. Yes, I usually do the same but Cacti was the exception due to the apache2 symlink which I have forgotten at one cacti upgrade and the cacti graphs were publicly visible for several weeks until I noticed. I still believe that a check should be added for the symlink. If it was removed, don't RE-add it, it the source conf file /etc/cacti/apache.conf doesn't exist remove the broken symlink. Thanks -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
