On Tue, 4 Jun 2019, Thorsten Kukuk wrote:
On Tue, Jun 04, Richard Biener wrote:
Btw, Debian at least used to package
"sample" config files as
/etc/mtools.conf.XYZ (or was it even in /usr/doc/mtools/mtools.conf)
and the services were never started automatically. The admin
usually could copy the sample to /etc with the proper name and
get reasonable default behavior.
I see there only one problem: admin copies the sample configuration
file and modifies it. Upstream makes changes to the configuration
file, how should the admin find out after the next update, that he
has to adjust his configuration file again and which changes were
As it was only a sample (thus, documentation) changes to the sample
do not affect the admins configuation. If there's a format change
there exist notification mechanisms that can be triggered on an
update, aka "please review your configuration for changes XYZ"
with optionally "service disabled" to not leave possibly broken
To address the casual admin (user) I would go for
cups-suse-client-config like packages where users leave configuration
up to the packager and/or a configuration management tool that
knows how to deal with updates (read: yast).
That said I wonder how we protect against somebody installing
package FOO that requires apache (for whatever reason) and
ending up with a running apache with an insecure default
configuration (insecure is very much dependent on view).
Richard Biener <rguenther(a)suse.de>
SUSE Linux GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany;
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah; HRB 21284 (AG Nürnberg)