Hi all, It's pretty clear that this problem was introduced in RFS procedure [0]. Seems that it is not a good solution and should be reverted.
The mentor in RFS procedure was worried about *fixed* password in conffile [1], and the solution was to use apg in postinst script [0]. I would state that the originally proposed problem actually does not exist. First of all, the default shipped conffile is a stub [2] and will not work if you don't modify it. The server will listen to 127.0.0.1:8388 and not accessible from external network, so no security vulanability will take place. We should expect users to change the fixed password when doing necessary configurations. But if the fixed password *is* a problem, a better solution may be not to ship configuration json file by default. One (or more) example configuration file(s) may be shipped as a demonstration. [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825532#57 [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825532#43 [2] https://github.com/rogers0/shadowsocks-libev/blob/pkg7/debian/config.json -- Regards, Boyuan Yang 2016-07-04 0:43 GMT+08:00 Andreas Beckmann <a...@debian.org>: > Package: shadowsocks-libev > Version: 2.4.7+20160630+ds-1 > Severity: serious > User: debian...@lists.debian.org > Usertags: piuparts > > Hi, > > during a test with piuparts I noticed your package modifies conffiles. > This is forbidden by the policy, see > https://www.debian.org/doc/debian-policy/ch-files.html#s-config-files > > 10.7.3: "[...] The easy way to achieve this behavior is to make the > configuration file a conffile. [...] This implies that the default > version will be part of the package distribution, and must not be > modified by the maintainer scripts during installation (or at any > other time)." > > Note that once a package ships a modified version of that conffile, > dpkg will prompt the user for an action how to handle the upgrade of > this modified conffile (that was not modified by the user). > > Further in 10.7.3: "[...] must not ask unnecessary questions > (particularly during upgrades) [...]" > > If a configuration file is customized by a maintainer script after > having asked some debconf questions, it may not be marked as a > conffile. Instead a template could be installed in /usr/share and used > by the postinst script to fill in the custom values and create (or > update) the configuration file (preserving any user modifications!). > This file must be removed during postrm purge. > ucf(1) may help with these tasks. > See also https://wiki.debian.org/DpkgConffileHandling > > In https://lists.debian.org/debian-devel/2012/09/msg00412.html and > followups it has been agreed that these bugs are to be filed with > severity serious. > > debsums reports modification of the following files, > from the attached log (scroll to the bottom...): > > /etc/shadowsocks-libev/config.json > > > cheers, > > Andreas
