Francois Marier wrote:
> Now the problem (see bug #462658) is that if you ever put a non-empty
> password there, then, you can no longer get rid of it after
> dpkg-reconfiguring the package. debconf seems to be ignoring empty password
> fields and still returns the previous value.

This is a deficiency in debconf's UIs for prompting for password. Since there's generally no sane way to display the old password as the default and allow users to change it or delete the password entirely, debconf instead displays no password, and if the user enters nothing, assumes they meant to enter the old password unchanged.

I think that the best approach is to clear your password value out of debconf's database after it has prompted for the password, to avoid storing a copy of the password there, and to avoid re-asking for the password if one is configured in the file.

BTW, your package's postinst writes the password to $CONFIG_FILE before running chmod 600 $CONFIG_FILE, which is a small security hole.

Your package also seems to use debconf as a registry -- when upgraded or dpkg-reconfigured it ignores the content of the config file and replaces it with the values from the debconf database.

--
see shy jo
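
The two postinst points from the reply above, sketched as an added example (not code from the package or from either poster): the write-then-chmod ordering next to a version that never exposes the password, plus clearing the value from debconf once it is in the file. The question name, the `password=` key and the function names are hypothetical; `store_and_forget_password` assumes the calling postinst has already sourced `/usr/share/debconf/confmodule`, which provides `db_get` and `db_set`.

```shell
#!/bin/sh
# Added example. Paths, key name and function names are hypothetical.

# Before: the file is created under the default umask (commonly 022, so
# mode 644) and holds the password in the window before chmod runs.
write_config_racy() {
    config_file=$1 password=$2
    printf 'password=%s\n' "$password" > "$config_file"
    chmod 600 "$config_file"
}

# After: write to a private temp file in the same directory, then rename it
# over the target. The password is never in a file other users can read,
# and a pre-existing world-readable config is replaced rather than reused.
write_config_safe() {
    config_file=$1 password=$2
    (
        umask 077
        tmp=$(mktemp "${config_file}.XXXXXX") || exit 1
        printf 'password=%s\n' "$password" > "$tmp" || { rm -f "$tmp"; exit 1; }
        mv -f "$tmp" "$config_file"
    )
}

# Move the answer from debconf into the config file, then blank it in
# debconf's database so no second copy of the password is kept there.
# An empty answer leaves the existing file untouched.
store_and_forget_password() {
    question=$1 config_file=$2
    db_get "$question" || return 1
    if [ -n "$RET" ]; then
        write_config_safe "$config_file" "$RET" || return 1
    fi
    db_set "$question" ""
}
```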