Bug#402350: fail2ban: NEWS.Debian confusions
Package: fail2ban Version: 0.7.4-3 Severity: minor The NEWS.Debian for the recent changes refers to /etc/defaults/fail2ban. I think that's a typo, and /etc/default/fail2ban is intended. I think even with that correction, the current description is somewhat confusing. First, it mixes a file that is totally ignored (/etc/fail2ban.conf)--at least I think it's totally ignore--with one that has changed semantices (/etc/default/fail2ban). Second, the phrase to take advantage of the upgrade suggests that things will still be working if no action is taken. I believe the actual situation is that all of your configuration will be lost, in particular checks of anything except ssh will be lost, unless the administrator takes action. Here is a possible revised wording: This note clarifies and replaces the previous NEWS item. fail2ban 0.7 is a complete rewrite of the 0.6 version. The configuration scheme has changed [upstream?]: 0.7 ignores /etc/fail2ban.conf and instead uses a split configuration under /etc/fail2ban/. To retain your customizations, for example to monitor anything other than sshd, you will need to set them under that new directory; use *.local files for customizations. When you are satisfied with the new settings, please delete /etc/fail2ban.conf to avoid confusion. Also, the changes may affect /etc/default/fail2ban [how?]; you should review that file if you customized it. -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (990, 'testing'), (990, 'stable'), (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.27advncdfs Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages fail2ban depends on: ii iptables1.3.6.0debian1-5 administration tools for packet fi ii lsb-base3.1-22 Linux Standard Base 3.1 init scrip ii python 2.4.4-1 An interactive high-level object-o ii python-central 0.5.12 register and build utility for Pyt ii python2.4 2.4.4-1 An interactive high-level object-o fail2ban recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402350: fail2ban: NEWS.Debian confusions
Hi Ross, Thank you for taking a moment to help me with this NEWS entry. The NEWS.Debian for the recent changes refers to /etc/defaults/fail2ban. I think that's a typo, and /etc/default/fail2ban is intended. indeed... and 10:31:15 seems to be not that late an night, so I am not sure how that slipped through my fingers ;-) I think even with that correction, the current description is somewhat confusing. Agree -- I like your wording better. So, I hate to, but IMHO I should simply replace old entry instead of adding another one. Otherwise it would bring more confusion and/or unnecessary warning for those who already upgraded to post 0.7.1-1. What would you say about few changes I've introduced in your tentative entry. I hope I didn't screw it up too bad fail2ban 0.7 is a complete rewrite of the 0.6 version, and if you customized any of provided configuration or startup files (/etc/default/fail2ban, /etc/fail2ban.conf, /etc/init.d/fail2ban), please read further. The configuration scheme has changed upstream: 0.7 ignores /etc/fail2ban.conf and instead uses a split configuration under /etc/fail2ban/. To retain your customizations, for example to monitor anything other than sshd, you will need to set them under that new directory; use *.local files for customizations. Please see /usr/share/doc/fail2ban/README.Debian.gz and http://fail2ban.sourceforge.net for further description of new configuration scheme. Detailed documentation is under development (see #400416). When you are satisfied with the new settings, please delete /etc/fail2ban.conf to avoid confusion. Fail2ban 0.7 uses client/server architecture and fail2ban-client is to substitute fail2ban command to provide an interface between the user and fail2ban-server. That is why some command line parameters present in fail2ban 0.6 are invalid in fail2ban-client. Such change affects /etc/default/fail2ban; you should review that file if you customized it. Please enable sections as directed in README.Debian.gz mentioned above. You must use newly shipped init.d/fail2ban, or otherwise fail2ban will not start. This note was rewritten to provide less clarifies and replaces the previous NEWS item since version 0.7.5-2. Here is a possible revised wording: This note clarifies and replaces the previous NEWS item. fail2ban 0.7 is a complete rewrite of the 0.6 version. The configuration scheme has changed [upstream?]: 0.7 ignores /etc/fail2ban.conf and instead uses a split configuration under /etc/fail2ban/. To retain your customizations, for example to monitor anything other than sshd, you will need to set them under that new directory; use *.local files for customizations. When you are satisfied with the new settings, please delete /etc/fail2ban.conf to avoid confusion. Also, the changes may affect /etc/default/fail2ban [how?]; you should review that file if you customized it. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgp8Wu38KrghL.pgp Description: PGP signature
Bug#402350: fail2ban: NEWS.Debian confusions
On Sat, Dec 09, 2006 at 02:46:48PM -0500, Yaroslav Halchenko wrote: Hi Ross, Thank you for taking a moment to help me with this NEWS entry. The NEWS.Debian for the recent changes refers to /etc/defaults/fail2ban. I think that's a typo, and /etc/default/fail2ban is intended. indeed... and 10:31:15 seems to be not that late an night, so I am not sure how that slipped through my fingers ;-) I think even with that correction, the current description is somewhat confusing. Agree -- I like your wording better. So, I hate to, but IMHO I should simply replace old entry instead of adding another one. Otherwise it would bring more confusion and/or unnecessary warning for those who already upgraded to post 0.7.1-1. What would you say about few changes I've introduced in your tentative entry. I hope I didn't screw it up too bad Sounds good, except for the last sentence (see below). I have a feeling policy may frown on rewriting NEWS or changelogs after the fact, but this certainly seems like a good case in which to do so. The only possible drawback I can see is that people who upgraded and got the old NEWS will not get the new NEWS (if they use apt-listchanges). On the other hand, it will be much less confusing for people who are still at .6 to see only a single NEWS entry. fail2ban 0.7 is a complete rewrite of the 0.6 version, and if you customized any of provided configuration or startup files (/etc/default/fail2ban, /etc/fail2ban.conf, /etc/init.d/fail2ban), please read further. The configuration scheme has changed upstream: 0.7 ignores /etc/fail2ban.conf and instead uses a split configuration under /etc/fail2ban/. To retain your customizations, for example to monitor anything other than sshd, you will need to set them under that new directory; use *.local files for customizations. Please see /usr/share/doc/fail2ban/README.Debian.gz and http://fail2ban.sourceforge.net for further description of new configuration scheme. Detailed documentation is under development (see #400416). When you are satisfied with the new settings, please delete /etc/fail2ban.conf to avoid confusion. Fail2ban 0.7 uses client/server architecture and fail2ban-client is to substitute fail2ban command to provide an interface between the user and fail2ban-server. That is why some command line parameters present in fail2ban 0.6 are invalid in fail2ban-client. Such change affects /etc/default/fail2ban; you should review that file if you customized it. Please enable sections as directed in README.Debian.gz mentioned above. You must use newly shipped init.d/fail2ban, or otherwise fail2ban will not start. That helps me understand what changes to look for in those files. This note was rewritten to provide less clarifies and replaces the previous NEWS item since version 0.7.5-2. That sentence doesn't parse in English. Here's what I think you mean: This note was rewritten in release 0.7.5-2 to clarify its meaning. Here is a possible revised wording: This note clarifies and replaces the previous NEWS item. fail2ban 0.7 is a complete rewrite of the 0.6 version. The configuration scheme has changed [upstream?]: 0.7 ignores /etc/fail2ban.conf and instead uses a split configuration under /etc/fail2ban/. To retain your customizations, for example to monitor anything other than sshd, you will need to set them under that new directory; use *.local files for customizations. When you are satisfied with the new settings, please delete /etc/fail2ban.conf to avoid confusion. Also, the changes may affect /etc/default/fail2ban [how?]; you should review that file if you customized it. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402350: fail2ban: NEWS.Debian confusions
... I have a feeling policy may frown on rewriting NEWS or changelogs after the fact, but this certainly seems like a good case in which to do so. The only possible drawback I can see is that people who upgraded and got the old NEWS will not get the new NEWS (if they use apt-listchanges). Well - I see it not as a drawback but as a desired behavior. There will be corresponding changelog entry about changed NEWS entry, so they are welcome to review it. On the other hand, it will be much less confusing for people who are still at .6 to see only a single NEWS entry. Yeah - that sounds in line with my thinking. Also, NEWS is not quite a changelog entry, so I feel ok modifying it. Also, since the change of configuration scheme is quite an important event, I had duplicated given NEWS entry in postinst script (simply duplicated the same text). Now I will have to modify it or to substitute it with some sed command on NEWS file; and indeed apt-listchanges people might see it twice. But better be warned twice in a consistent way than to stay unalarmed. This note was rewritten to provide less clarifies and replaces the previous NEWS item since version 0.7.5-2. That sentence doesn't parse in English. Here's what I think you mean: This note was rewritten in release 0.7.5-2 to clarify its meaning. doh... that sentence skipped my proofreading -- thanks once again! -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] pgprvVAkHFXvG.pgp Description: PGP signature
Bug#402350: fail2ban: NEWS.Debian confusions
Actually I adjusted postinst message to be WARNING! Fail2ban 0.7 is a complete rewrite of the 0.6 version, and if you customized any of provided configuration or startup files (/etc/default/fail2ban, /etc/fail2ban.conf, /etc/init.d/fail2ban), please read relevant entry in /usr/share/doc/fail2ban/NEWS.Debian.gz. -- .-. =-- /v\ = Keep in touch// \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User^^-^^[17] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]