On Mon, 7 Nov 2022 20:11:41 +0100, Michael Ströder wrote:
On 11/7/22 17:43, Jim Henderson wrote:
On Mon, 7 Nov 2022 17:37:52 +0100, Marcus Meissner wrote:
Dominique has reverted sudo to the previous sudo behaviour in the meantime.
Yep, saw that discussion as well.
I do think that a best practice really should be not to mess with a user's configuration
But the hard problem is to determine what "a user's configuration" really means.
AFAICS you can only technically check whether the package's default config file was changed or not. Nothing else.
You cannot…
… technically determine whether the user deliberately wants to stick indefinitely to the implied defaults.
That's the user's choice, and the user's choice alone. We can educate the user as to why the defaults were changed, but only they can (and should) make changes to a configuration that they're using.
… know whether the user really prefers default values for new config values introduced upstream or would rather prefer (part of) the distribution's default config file.
Again, that's the user's choice. Not the project's choice to make. Just don't mess with an existing configuration.
Any many more fuzzy issues like this...
However a user (or admin) who really wants to ensure deterministic behaviour can generate a custom config file and the package update should not change that. In particular: If you rely on sudo you should make yourself familiar with /etc/sudoers on roll out your own. Especially this also applies to sshd_config, nsswitch.conf and other login-related config you need to fix your system.
As a sysadmin with more decades of experience than I care to admit to, *nobody* should be making changes to my systems' configurations without my consent. *NOBODY*, period. If I upgrade packages, I expect the binary code to be updated and the config files to be left alone unless the upgraded files somehow are incompatible with the configuration - and then I expect to be informed during the upgrade (not through a mailing list that I may not even be aware of). Keep your hands off my configuration files, and if you *must* make a change, make absolutely sure that the changes (and reasons for them) are *very clearly* advertised *on my system*. It really is that simple. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits