[sork] Debian package, sork - passwd.

[Lionel Elie Mamane]

On Mon, Sep 05, 2005 at 12:26:56AM -0400, Chuck Hagenbuch wrote:
> Quoting Lionel Elie Mamane <lionel at mamane.lu>:

>> Have you tried contacting the Debian maintainers about it?

> No. Honestly, I figured that at some point someone would want to
> work with the upstream maintainer (i.e, us) instead of blindly
> modifying our code all the time.

I can't speak for Opal, the Debian Horde maintainer. Maybe he thought
you'd prefer not to be bothered by Debian modifications you'd judge to
be "in the wrong direction". Maybe he's not *aware* you consider that
a problem. Maybe he thought that these changes (a few symlinks here
and there) were too trivial to formally discuss with you. Maybe...

(Note that the current Horde3 package modifies 0 lines of code from
 your version. It does put the configuration files in /etc/ - see
 below.)

> If I sound cranky about this it's because of the number of people
> who've had problems because our documentation is suddently "wrong"
> because debian moved our config files (and who knows what else).


>From your installation documentation, I gather that you intend for
Horde to be installed in a directory foo, whose choice is free to the
person installing it (administrator, packager, ...), and the
configuration to be in foo/config .

General explanation:

 The "problem" (for Debian) with this approach (which is common for
 web-based applications and frameworks) is that configuration files
 are _required_ to be in /etc/, and the files which are not
 configuration files are _required_ not to be in /etc/ .

 This requirement is not only an internal Debian requirement, spelt out
 in the Debian policy [0], but also an "external" standard to which
 Debian strives to adhere, the Filesystem Hierarchy Standard (FHS) [1].

 [0] http://www.debian.org/doc/debian-policy/
 [1] http://www.pathname.com/fhs/


Specifically for Horde:

 (This text speaks about Horde2, but Horde3 is handled the same way,
  with '3' instead of '2'.)

 Debian has instantiated "foo" by /usr/share/horde2/ and puts the
 configuration files in /etc/horde2/ . However, there is a symlink
 from /usr/share/horde2/config to /etc/horde2/, so any documentation
 that points towards /usr/share/horde2/config is not "wrong". If
 someone edits a file in there, it will work, he will be editing the
 file in /etc/horde2 by the magic of the symlink.


So, what problem do the users have? I suppose your documentation says
something along the lines:

 To enable feature blah, set "$conf['blah']" to "true" in the file
 horde_dir/config/horde.php, where horde_dir is the directory where
 you installed Horde.

Then, following your documentation blindly, the Debian user edits the
file /usr/share/horde2/config/horde.php, and it works. Because he's
really editing /etc/horde2/horde.php, although he may not be aware of
that.


What specific problem did users encounter?


> Or that the config file move seems to have been done with no
> consideration for fixing the graphical config file interface in
> Horde 3.

Again, if the graphical interface goes looking into horde_dir/config/,
it will find the files there (through the symlink). Maybe Opal
overlooked something, and then there is a bug. Please have the users
that encounter the bug file a bug in the Debian bug tracking system
(they can use the "reportbug" program) or report it (see
http://www.debian.org/Bugs/Reporting ) or tell me what precisely the
problem is and I'll file it in the BTS myself.

Here's what the Debian-specific documentation says about it:

 To configure this package use the horde3 web configuration. To let
 it write to the configuration files you have to change the owner
 of the /etc/horde/horde3 dir and config files to be owned by www-data.
 
 If you do not do that you have to cut from the web configuration
 program and paste into the config file yourself.
 
 The reason why this is not the default option is, that allow writing
 to configuration files without any authentication is a big
 security hole.


-- 
Lionel