
Re: To the bind maintainer



In article <3.0.6.32.20000121163739.00933960@alexanderschool.nl> you wrote:

> Note the default! But when I want to run named as a user other
> than root because I'm a little nervous about security then
> I should have that possibility! 

You do.

The Debian conffile mechanism and the policy requiring that init.d fragments
be flagged as conffiles exist *precisely* to allow you to do "patch" config
choices like this.  

Anyone who is daunted by reading a man page and tweaking a text file should
probably just run the package defaults and not worry about all this.

> (and say Y!) Instead of patching /etc/init.d/bind.

For every person who really wants a question in the postinst to choose an 
option like this, there exists a person for whom interactivity in the postinst
is intensely frustrating.  Until recently, allowing the postinst to modify a 
conffile has created confusion for users who from that point on are always 
prompted with the "this config file has been modified by you or a script" 
question during upgrades.  As a result, I try *very* hard to avoid having to 
ask questions in package postinst scripts.  I always make it possible for 
people to do something different than what I think is the most reasonable 
default, but I try not to do it at the expense of making my packages 
frustrating or confusing for typical users to install, configure, and upgrade.

'debconf' has the potential to change my attitudes about all this.  It appears
to provide the tools required to solve the problem of allowing configuration 
options during install without burdening future upgrades with confusing 
questions.  I thought briefly about trying to add debconf support to some of
my packages for potato, but at the time I was considering it the rate of change
in the debconf package was very high, and so I chose to defer this work until
after potato.

Let me also point out in closing that running non-root is only one way to 
increase the theoretical security of the bind package.  The daemon also 
provides explicit support for running chroot'ed.  There are pros and cons to
running non-root, and other pros and cons to running chroot'ed.  To me, 
getting this right for woody means providing choices, and that will take much 
more than adding one question and one sed invocation to the postinst...  And 
who knows what changes BIND 8.2.3 (alpha release imminent) and 9.X (possibly
in general use before woody freezes) may bring!

Bdale

