Am 26.02.2010 14:24, Jan Sievers schrieb: > As of writing this I start thinking if it is not even better to *only* > call > > > /etc/init.d/setkey stop > > > in an *ipsec-tools.setkey.prerm* script, since the IPsec SP database is > closely associated with the setkey service and just indirectly with > racoon, which is just one ISAKMP daemon of many. > > And probably somebody could install racoon and ipsec-tools and decide > later to only use ipsec-tools and deinstall racoon, which would flush > the SP database, although the person wants to continue to use > ipsec-tools.
Good point. I moved the associated maintainer script from racoon to ipsec-tools as it's indeed a possible case that someone *only* removes racoon. This will be in 1:0.7.3-3 soon. In case of upgrade of either ipsec-tools or racoon i'll keep the SA/SD associations in kernel. thanks stefan -- Stefan Bauer ----------------------------------------- PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34 -------- plzk.de - Linux - because it works ---------- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org