* Frank Küster: > Since all that debsecan-create-cron does is to choose a random time, set > the suite and decide whether the file should exist at all, it shouldn't > be hard to do that in a policy-conformant way:
The main reason why I did this way is that it's difficult to reschedule the actual work done by debsecan merely by editing the crontab entry. > - chosing a random time is only needed when the file doesn't exist Okay. > - the suite can be changed by a simple "sed -i" command This is also wrong because this is a crontab entry, not a configuration file. You cannot assume anything about its syntax (beyond the part which is interpreted by cron). sed -i is also not available on sarge IIRC, but it's esay to work around that. It seems that the "correct" fix is another level of indirection: The actual configuration has to be put into a file with tighter syntactic constraints.