[Pkg-roundcube-maintainers] Bug#951194: Bug#951194: roundcube-core: update should not change config file permissions

[Guilhem Moulin]

Control: found -1 1.2.3+dfsg.1-4+deb9u3
Control: severity -1 serious
Control: tag -1 + confirmed pending

Hi,

On Wed, 12 Feb 2020 at 10:40:22 +0100, Daniel wrote:
> After an `apt upgrade` which upgrade roundcube-core, the group of /etc/roundcube/config.inc.php 
> has changed, set to www-data,

Ack, and oldstable is affected too (and probably all versions before
that as the chown can already be found in 0.1-1).  Making this RC since
it's AFAICT a violation of Policy §10.7.3 (assuming ownership and/or
mode changes count as local changes, which sounds sensible).

> which in my case broke roundcube (the php user handling roundcube
> is not in this group)

Note that changing ownership and/or mode of config files (config.inc.php +
debian-db.php) might not be enough, one might need to apply similar
changes to /var/log/roundcube and /var/lib/roundcube/temp.  As these are
not configurations files, ownership and/or mode changes are usually made
sticky using dpkg-statoverride(1).  Unfortunately we didn't honor these
overrides either. :-/

Cheers,
-- 
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-roundcube-maintainers/attachments/20200224/bb172dd8/attachment.sig>