sugarplum: modifies apache config without asking
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
wwwconfig-common (Debian) |
Fix Released
|
Unknown
|
|||
wwwconfig-common (Ubuntu) |
Fix Released
|
Low
|
Thom May |
Bug Description
Automatically imported from Debian bug report #268093 http://
In Debian Bug tracker #268093, sean finney (seanius) wrote : Re: Bug#268067: sugarplum: modifies apache config without asking | #1 |
In Debian Bug tracker #268093, sean finney (seanius) wrote : [seanius@debian.org: Re: Bug#268067: sugarplum: modifies apache config without asking] | #2 |
clone 268067 -1
reassign -1 wwwconfig-common
merge 268067 -1
thanks
oops, didn't cc control...
----- Forwarded message from sean finney <email address hidden> -----
Date: Wed, 25 Aug 2004 18:15:38 -0400
From: sean finney <email address hidden>
To: christian mock <email address hidden>, <email address hidden>
Subject: Re: Bug#268067: sugarplum: modifies apache config without asking
clone 268067 -1
reassign -1 wwwconfig-common
merge 268067 -1
thanks
hi christian,
i'm duplicating, reassigning, and merging the bug in question so that
it involves the maintainer of wwwconfig-common as well. all further
bug reports will include both packages.
On Wed, Aug 25, 2004 at 10:54:13PM +0200, christian mock wrote:
> sugarplum's postinst, via the wwwconfig-common scripts (if available)
> modifies httpd.conf files of apache, apache-ssl and apache-perl if
> available, without asking or even informing the administrator.
>
> this is a violation of the policy ch 10.7.3:
>
> "[scripts] must not overwrite or otherwise mangle the user's
> configuration without asking".
plus, it's the config of another package, which is a also no-no.
really, the problem is that debian hasn't standardized on a way for dynamic
web apps the likes of sugarplum to install/configure themselves with
webservers such as apache. many maintainer scripts go so far as to just
echo "Include foo >> /etc/apache/
is pretty horrible.
as the maintainer, i made what i felt was the best choice i could
while still giving the user the drop-in install joy of dpkg/apt
by using an at least semi-standardized means for inclusion. this way,
when debian does develop a standard for such things (or decides that
such things must rely on the admin) wwwconfig-common could be patched
and the 40-50 packages using it would be brought in compliance. you might
want to follow up on a recent thread on the topic[1] -- at least it's
being actively discussed, and progress is being made on the issue.
i'm also going to cc debian-devel on this, to solicit more developer
opinion. my plan will be to either remove this functionality from my
package, or to work out a solution that at least prompts the admin for
what to do (ideally by patching wwwconfig-common).
sean
[1] http://
--
----- End forwarded message -----
Debian Bug Importer (debzilla) wrote : | #3 |
Automatically imported from Debian bug report #268093 http://
Debian Bug Importer (debzilla) wrote : | #4 |
Message-Id: <email address hidden>
Date: Wed, 25 Aug 2004 22:54:13 +0200
From: christian mock <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: sugarplum: modifies apache config without asking
Package: sugarplum
Version: 0.9.10-3
Severity: serious
Justification: Policy 10.7.3
sugarplum's postinst, via the wwwconfig-common scripts (if available)
modifies httpd.conf files of apache, apache-ssl and apache-perl if
available, without asking or even informing the administrator.
this is a violation of the policy ch 10.7.3:
"[scripts] must not overwrite or otherwise mangle the user's
configuration without asking".
it can also, depending on configuration (i.e. if mod_rewrite is not loaded),
break the apache config, and as it restarts the apache servers after
modifying httpd.conf, this could result in a loss of service.
cm.
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux trumm 2.4.22trumm+umlska #2 Sun Sep 21 01:48:15 CEST 2003 i686
Locale: LANG=C, LC_CTYPE=C
Versions of packages sugarplum depends on:
ii perl 5.6.1-8.7 Larry Wall's Practical Extraction
ii wenglish 2.0-2 English dictionary words for /usr/
ii wenglish [wordlist] 2.0-2 English dictionary words for /usr/
ii wgerman [wordlist] 2-13 The German dictionary for /usr/sha
ii wngerman [wordlist] 20010414-0.1 New German orthography dictionary
Debian Bug Importer (debzilla) wrote : | #5 |
Message-ID: <email address hidden>
Date: Wed, 25 Aug 2004 18:15:38 -0400
From: sean finney <email address hidden>
To: christian mock <email address hidden>, <email address hidden>
Cc: Debian Developers <email address hidden>
Subject: Re: Bug#268067: sugarplum: modifies apache config without asking
--opJtzjQTFsWo+cga
Content-Type: text/plain; charset=us-ascii
Content-
Content-
clone 268067 -1
reassign -1 wwwconfig-common
merge 268067 -1
thanks
hi christian,
i'm duplicating, reassigning, and merging the bug in question so that
it involves the maintainer of wwwconfig-common as well. all further
bug reports will include both packages.
On Wed, Aug 25, 2004 at 10:54:13PM +0200, christian mock wrote:
> sugarplum's postinst, via the wwwconfig-common scripts (if available)=20
> modifies httpd.conf files of apache, apache-ssl and apache-perl if=20
> available, without asking or even informing the administrator.
>=20
> this is a violation of the policy ch 10.7.3:
>=20
> "[scripts] must not overwrite or otherwise mangle the user's=20
> configuration without asking".
plus, it's the config of another package, which is a also no-no.
really, the problem is that debian hasn't standardized on a way for dynamic
web apps the likes of sugarplum to install/configure themselves with
webservers such as apache. many maintainer scripts go so far as to just
echo "Include foo >> /etc/apache/
is pretty horrible.
as the maintainer, i made what i felt was the best choice i could
while still giving the user the drop-in install joy of dpkg/apt
by using an at least semi-standardized means for inclusion. this way,
when debian does develop a standard for such things (or decides that
such things must rely on the admin) wwwconfig-common could be patched
and the 40-50 packages using it would be brought in compliance. you might
want to follow up on a recent thread on the topic[1] -- at least it's
being actively discussed, and progress is being made on the issue.
i'm also going to cc debian-devel on this, to solicit more developer
opinion. my plan will be to either remove this functionality from my
package, or to work out a solution that at least prompts the admin for
what to do (ideally by patching wwwconfig-common).
sean
[1] http://
--=20
--opJtzjQTFsWo+cga
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBLQ+
xCw3AfAhN4W+
=8Bga
-----END PGP SIGNATURE-----
--opJtzjQTFsWo+
Debian Bug Importer (debzilla) wrote : | #6 |
Message-ID: <email address hidden>
Date: Wed, 25 Aug 2004 20:15:42 -0400
From: sean finney <email address hidden>
To: <email address hidden>
Subject: [<email address hidden>: Re: Bug#268067: sugarplum: modifies apache config without asking]
--+HP7ph2BbKc20aGI
Content-Type: text/plain; charset=us-ascii
Content-
Content-
clone 268067 -1
reassign -1 wwwconfig-common
merge 268067 -1
thanks
oops, didn't cc control...
----- Forwarded message from sean finney <email address hidden> -----
Date: Wed, 25 Aug 2004 18:15:38 -0400
=46rom: sean finney <email address hidden>
To: christian mock <email address hidden>, <email address hidden>
Subject: Re: Bug#268067: sugarplum: modifies apache config without asking
clone 268067 -1
reassign -1 wwwconfig-common
merge 268067 -1
thanks
hi christian,
i'm duplicating, reassigning, and merging the bug in question so that
it involves the maintainer of wwwconfig-common as well. all further
bug reports will include both packages.
On Wed, Aug 25, 2004 at 10:54:13PM +0200, christian mock wrote:
> sugarplum's postinst, via the wwwconfig-common scripts (if available)=20
> modifies httpd.conf files of apache, apache-ssl and apache-perl if=20
> available, without asking or even informing the administrator.
>=20
> this is a violation of the policy ch 10.7.3:
>=20
> "[scripts] must not overwrite or otherwise mangle the user's=20
> configuration without asking".
plus, it's the config of another package, which is a also no-no.
really, the problem is that debian hasn't standardized on a way for dynamic
web apps the likes of sugarplum to install/configure themselves with
webservers such as apache. many maintainer scripts go so far as to just
echo "Include foo >> /etc/apache/
is pretty horrible.
as the maintainer, i made what i felt was the best choice i could
while still giving the user the drop-in install joy of dpkg/apt
by using an at least semi-standardized means for inclusion. this way,
when debian does develop a standard for such things (or decides that
such things must rely on the admin) wwwconfig-common could be patched
and the 40-50 packages using it would be brought in compliance. you might
want to follow up on a recent thread on the topic[1] -- at least it's
being actively discussed, and progress is being made on the issue.
i'm also going to cc debian-devel on this, to solicit more developer
opinion. my plan will be to either remove this functionality from my
package, or to work out a solution that at least prompts the admin for
what to do (ideally by patching wwwconfig-common).
sean
[1] http://
--=20
----- End forwarded message -----
--+HP7ph2BbKc20aGI
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBLSuuynj
cZ6aPY/
=3Duu
-----END PGP SIGNATURE-----
--+HP7ph2BbKc20
Matt Zimmerman (mdz) wrote : | #7 |
Similar to 848
In Debian Bug tracker #268093, Thom May (thombot) wrote : | #8 |
tags 268093 +patch
thanks
Hi,
the patch at
http://
removes wwwconfig-common usage and adds apache2 support to sugarplum.
Cheers,
-Thom
Thom May (thombot) wrote : | #9 |
sugarplum (0.9.10-3ubuntu1) warty; urgency=low
.
* Remove the unecessary abomination of wwwconfig-common (Closes: #268093)
(Warty #849)
Debian Bug Importer (debzilla) wrote : | #10 |
Message-ID: <email address hidden>
Date: Wed, 1 Sep 2004 14:22:37 +0100
From: Thom May <email address hidden>
To: <email address hidden>
tags 268093 +patch
thanks
Hi,
the patch at
http://
removes wwwconfig-common usage and adds apache2 support to sugarplum.
Cheers,
-Thom
In Debian Bug tracker #268093, Ola Lundqvist (opal) wrote : Re: Bug#268093: (no subject) | #11 |
severity 268093 wishlist
thanks
Hello
I was not aware that this bug was assigned to wwwconfig-common at all.
I lower the severity to wishlist because I can not really agree that this
is a bug in wwwconfig-common.
And did you really want to file this information to the bug related
to wwwconfig-common and not the other "clone"?
Thanks for the information though.
On Wed, Sep 01, 2004 at 02:22:37PM +0100, Thom May wrote:
> tags 268093 +patch
> thanks
>
> Hi,
> the patch at
> http://
> removes wwwconfig-common usage and adds apache2 support to sugarplum.
Hmm what a domain-name. :)
Regards,
// Ola
> Cheers,
> -Thom
>
--
------
/ <email address hidden> Annebergsslingan 37 \
| <email address hidden> 654 65 KARLSTAD |
| +46 (0)54-10 14 30 +46 (0)70-332 1551 |
| http://
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
------
Debian Bug Importer (debzilla) wrote : | #12 |
Message-ID: <email address hidden>
Date: Wed, 1 Sep 2004 17:15:34 +0200
From: Ola Lundqvist <email address hidden>
To: Thom May <email address hidden>, <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#268093: (no subject)
severity 268093 wishlist
thanks
Hello
I was not aware that this bug was assigned to wwwconfig-common at all.
I lower the severity to wishlist because I can not really agree that this
is a bug in wwwconfig-common.
And did you really want to file this information to the bug related
to wwwconfig-common and not the other "clone"?
Thanks for the information though.
On Wed, Sep 01, 2004 at 02:22:37PM +0100, Thom May wrote:
> tags 268093 +patch
> thanks
>
> Hi,
> the patch at
> http://
> removes wwwconfig-common usage and adds apache2 support to sugarplum.
Hmm what a domain-name. :)
Regards,
// Ola
> Cheers,
> -Thom
>
--
------
/ <email address hidden> Annebergsslingan 37 \
| <email address hidden> 654 65 KARLSTAD |
| +46 (0)54-10 14 30 +46 (0)70-332 1551 |
| http://
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
------
In Debian Bug tracker #268093, Ola Lundqvist (opal) wrote : 268093 - patch | #13 |
tags 268093 - patch
thanks
--
------
/ <email address hidden> Annebergsslingan 37 \
| <email address hidden> 654 65 KARLSTAD |
| +46 (0)54-10 14 30 +46 (0)70-332 1551 |
| http://
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
------
Debian Bug Importer (debzilla) wrote : | #14 |
Message-ID: <email address hidden>
Date: Tue, 21 Sep 2004 10:06:38 +0200
From: Ola Lundqvist <email address hidden>
To: <email address hidden>
Subject: 268093 - patch
tags 268093 - patch
thanks
--
------
/ <email address hidden> Annebergsslingan 37 \
| <email address hidden> 654 65 KARLSTAD |
| +46 (0)54-10 14 30 +46 (0)70-332 1551 |
| http://
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
------
In Debian Bug tracker #268093, Ola Lundqvist (opal) wrote : It is the pacakge maintainers responsibility not wwwconfig-common. | #15 |
reassign 268093 sugarplum
thanks
Hello
I suggest that you use the .conf.d structure for apache instead
of using wwwconfig-common. The reason is that the .conf.d structure
is MUCH better as it will not rewrite configuration files.
Regards,
// Ola
--
------
/ <email address hidden> Annebergsslingan 37 \
| <email address hidden> 654 65 KARLSTAD |
| +46 (0)54-10 14 30 +46 (0)70-332 1551 |
| http://
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
------
In Debian Bug tracker #268093, sean finney (seanius) wrote : closing old bugreport | #16 |
this bug was cloned and the clone just got re-assigned back to me,
so i'm going to go ahead and close it since the problem has long
since been resolved.
sean
--
Changed in wwwconfig-common: | |
status: | Unknown → Fix Released |
clone 268067 -1
reassign -1 wwwconfig-common
merge 268067 -1
thanks
hi christian,
i'm duplicating, reassigning, and merging the bug in question so that
it involves the maintainer of wwwconfig-common as well. all further
bug reports will include both packages.
On Wed, Aug 25, 2004 at 10:54:13PM +0200, christian mock wrote:
> sugarplum's postinst, via the wwwconfig-common scripts (if available)
> modifies httpd.conf files of apache, apache-ssl and apache-perl if
> available, without asking or even informing the administrator.
>
> this is a violation of the policy ch 10.7.3:
>
> "[scripts] must not overwrite or otherwise mangle the user's
> configuration without asking".
plus, it's the config of another package, which is a also no-no.
really, the problem is that debian hasn't standardized on a way for dynamic httpd.conf" , which i think you'd agree
web apps the likes of sugarplum to install/configure themselves with
webservers such as apache. many maintainer scripts go so far as to just
echo "Include foo >> /etc/apache/
is pretty horrible.
as the maintainer, i made what i felt was the best choice i could
while still giving the user the drop-in install joy of dpkg/apt
by using an at least semi-standardized means for inclusion. this way,
when debian does develop a standard for such things (or decides that
such things must rely on the admin) wwwconfig-common could be patched
and the 40-50 packages using it would be brought in compliance. you might
want to follow up on a recent thread on the topic[1] -- at least it's
being actively discussed, and progress is being made on the issue.
i'm also going to cc debian-devel on this, to solicit more developer
opinion. my plan will be to either remove this functionality from my
package, or to work out a solution that at least prompts the admin for
what to do (ideally by patching wwwconfig-common).
sean
[1] http:// lists.debian. org/debian- devel/2004/ 08/msg01104. html
--