Your message dated Sun, 13 Apr 2003 21:12:04 +0100 with message-id <[EMAIL PROTECTED]> and subject line Fixed has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 29 Jul 2002 22:57:41 +0000 >From [EMAIL PROTECTED] Mon Jul 29 17:57:41 2002 Return-path: <[EMAIL PROTECTED]> Received: from chiark.greenend.org.uk [212.135.138.206] (mail) by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 17ZJSP-0003P0-00; Mon, 29 Jul 2002 17:57:41 -0500 Received: from (ming.empire.pick.ucam.org) [172.16.22.12] (mail) by chiark.greenend.org.uk with esmtp (Exim 3.12 #1) id 17ZJSN-0006Qw-00 (Debian); Mon, 29 Jul 2002 23:57:39 +0100 Received: from matthew by ming.empire.pick.ucam.org with local (Exim 3.35 #1 (Debian)) id 17ZJSN-0007z9-00; Mon, 29 Jul 2002 23:57:39 +0100 From: Matthew Vernon <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: boot-floppies,www.debian.org: release notes give incorrect advice to ssh users, and attempt to subvert the package maintainer X-Mailer: reportbug 1.50 Date: Mon, 29 Jul 2002 23:57:39 +0100 Message-Id: <[EMAIL PROTECTED]> Sender: Matthew Vernon <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Package: boot-floppies,www.debian.org Version: N/A; reported 2002-07-29 Severity: critical Tags: security Justification: breaks unrelated software Hi, The paragraph: "Please note that the ssh package in this release enables root logins by default. (Disabled in 2.2) If you do not need this feature for remote access to your system you should ensure that the PermitRootLogin option in /etc/ssh/sshd_config is set to no after upgrade for security reasons. To ensure dpkg never updates the file to match new defaults, you can simply modify the file locally. Adding a blank line is enough." (in section 3.2.2) should be removed immediatly for these reasons: a) installing the new package tells you the useful parts of this information already (to wit, that the default has changed, and how to set it back if you so wish) b) it is factually incorrect (the postinst will offer to auto-generate a new configuration file for you if you're upgrading from the 1.3 package, and do nothing in this regard otherwise); dpkg will not do anything to the configuration file on upgrade to woody in any case. Thus it will confuse people as to what is going on wrt PermitRootLogin c) the wording is clearly designed to subvert the package maintainers' default, and indeed with the security properties of this setting. Without entering into a debate on the rights and wrongs of this setting (since this is not the place to do so), it is absurd that we should ship with a package and release notes that disagree with each other; the release notes should go along with the packages in question, so we at least appear to be consistent. If the author of this section of the release notes (who was not me) disagrees with my defaults for the ssh package, then there are other fora to air those disagreements. -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux ming 2.2.20 #4 Tue Jun 18 13:51:22 BST 2002 i686 Locale: LANG=C, LC_CTYPE=C --------------------------------------- Received: (at 154788-done) by bugs.debian.org; 13 Apr 2003 20:12:14 +0000 >From [EMAIL PROTECTED] Sun Apr 13 15:12:08 2003 Return-path: <[EMAIL PROTECTED]> Received: from hades.robster.org.uk (hades.evilgeniuses.org.uk) [212.111.35.118] by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 194npd-0001Ne-00; Sun, 13 Apr 2003 15:12:05 -0500 Received: by hades.evilgeniuses.org.uk (Postfix, from userid 1000) id 7CF2E53873; Sun, 13 Apr 2003 21:12:04 +0100 (BST) Date: Sun, 13 Apr 2003 21:12:04 +0100 From: Rob Bradford <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Fixed Message-ID: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.28i Delivered-To: [EMAIL PROTECTED] X-Spam-Status: No, hits=-1.2 required=4.0 tests=SIGNATURE_SHORT_DENSE,SPAM_PHRASE_00_01,USER_AGENT, USER_AGENT_MUTT version=2.44 X-Spam-Level: This bug was fixed a couple of months back. Now we dont say anything about ssh wrt root logins; the onus is completely on debconf. Cheers, Rob -- Rob 'robster' Bradford http://robster.org.uk