conffile changes in SRUs

Steve Langasek steve.langasek at ubuntu.com
Tue Jan 22 23:33:48 UTC 2013 

Hi Robie,

On Tue, Jan 22, 2013 at 10:51:29AM +0000, Robie Basak wrote:
> Bug 1014732 in mysql-5.5 (Ubuntu Precise) "log_error not set in my.cnf,
> errors not written anywhere" [High,Triaged]
> https://launchpad.net/bugs/1014732

> I've had this sponsored twice but been trumped by security twice before
> it got looked at by an SRU team member.

> But there seems to be some doubt on whether SRUs can change conffiles,
> so I think it would be helpful to clarify this here first.

> Are conffile changes allowed in SRUs? And if not, how should I approach
> fixing this issue?

Conffile prompts are not a pleasant thing for admins to have to deal with,
whenever they happen.  I don't think we should hold SRUs to a different
standard here than we do other package uploads.  Rather, I think we should
hold all conffiles to consistently high standards, ensuring that admins
don't have any reason to change them in any but the most exceptional
configurations.

In the case of my.cnf, the '!includedir /etc/mysql/conf.d/' already gives
admins a suitable mechanism for making configuration changes without having
to edit conffiles, so I don't think we need to jump through hoops to avoid
changing the conffile in an SRU - given that this is the obviously correct
way to fix this bug, and the way that it was fixed in later releases.

On Tue, Jan 22, 2013 at 09:51:27PM +0900, Emmet Hikory wrote:
>     Depending on the nature of configuration parsing for the package
> concerned, it may be safer to modify the code to provide safe defaults
> for missing configuration entries.

Also a valid approach, but by no means required; that would also imply
carrying a distro patch, which isn't something I would want to tie
developers' hands on.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20130122/ae6f2d2e/attachment-0001.pgp>

More information about the ubuntu-devel mailing list