From: Russ Allbery
Date: Mon, 2 Feb 2009 02:14:37 +0000 (-0800)
Subject: Merge branch 'master' into bug473439-rra
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=d88500c9e96d2cce7cde0422dd256c1d656cc03f;hp=1388520299b8b8619f371d1fe4f7990757076983;p=debian%2Fdebian-policy.git
Merge branch 'master' into bug473439-rra
---
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ab942fa
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,18 @@
+/body.tmp
+/debconf_spec/debconf_specification.html
+/debconf_spec/debconf_specification.txt.gz
+/head.tmp
+/menu-policy.html/
+/mime-policy.html/
+/perl-policy.html/
+/policy.html/
+/stamp-build
+/version.ent
+*.html.tar.gz
+*.pdf
+*.pdf.gz
+*.ps
+*.ps.gz
+*.tpt
+*.txt
+*.txt.gz
diff --git a/debian/changelog b/debian/changelog
index aa40626..903d023 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -35,10 +35,19 @@ debian-policy (3.8.1.0) UNRELEASED; urgency=low
Seconded: Jörg Sommer
Seconded: Guillem Jover
Closes: #479080
+ * Policy: Allow user mail spools to be mode 0600 or 0660
+ Wording: Russ Allbery
+ Seconded: Kurt Roeckx
+ Seconded: Andrew McMillan
+ Closes: #470994
* Improve the documentation of maintainer script actions for diversions
in the informative appendix to allow for addition of a new diversion
on upgrade and handle error cases correctly. Thanks to Olivier Berger
for the report and Raphaël Hertzog for the review. (Closes: #483418)
+ * Clarify the meaning of architecture restrictions on build dependencies
+ in the presence of alternatives. Thanks to Guillem Jover for the
+ explanation and review and Emilio Pozuelo Monfort and Don Armstrong
+ for wording review. (Closes: #163666)
* Use : notation rather than . notation in
multiple places. Thanks, Kurt Roeckx. (Closes: #488039)
* Fix typo in 3.8.0.0 upgrading-checklist entry. Patch from Kobayashi
@@ -48,6 +57,11 @@ debian-policy (3.8.1.0) UNRELEASED; urgency=low
* Clarify that translation is only required for user-visible debconf
messages. Capitalize "Debian Configuration Management Specification"
uniformly. Thanks, Julian Andres Klode. (Closes: #492624)
+ * Add --wildcards to the sample tar command in appendix B.1 for
+ extracting the package copyright file, adjusting for new tar option
+ behavior. Thanks, Yan Morin. (Closes: #503685)
+ * Reword the requirement that maintainer scripts exit with a zero
+ status on success to avoid double-negatives.
-- Russ Allbery Mon, 23 Jun 2008 19:23:50 -0700
diff --git a/policy.sgml b/policy.sgml
index 0726795..9b9ee4c 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -3442,8 +3442,7 @@ Package: libc6
scripts this means that you almost always need to
use set -e (this is usually true when writing shell
scripts, in fact). It is also important, of course, that
- they don't exit with a non-zero status if everything went
- well.
+ they exit with a zero status if everything went well.
@@ -4195,6 +4194,22 @@ Build-Depends-Indep: texinfo
Build-Depends: kernel-headers-2.2.10 [!hurd-i386],
hurd-dev [hurd-i386], gnumach-dev [hurd-i386]
+ requires kernel-headers-2.2.10 on all architectures
+ other than hurd-i386 and requires hurd-dev and
+ gnumach-dev only on hurd-i386.
+
+
+
+ If the architecture-restricted dependency is part of a set of
+ alternatives using |, that alternative is ignored
+ completely on architectures that do not match the restriction.
+ For example:
+
+Build-Depends: foo [!i386] | bar [!amd64]
+
+ is equivalent to bar on the i386 architecture, to
+ foo on the amd64 architecture, and to foo |
+ bar on all other architectures.
@@ -8079,12 +8094,27 @@ http://localhost/doc/package/filename
- Mailboxes are generally mode 660
- user:mail unless the system
- administrator has chosen otherwise. A MUA may remove a
- mailbox (unless it has nonstandard permissions) in which
- case the MTA or another MUA must recreate it if needed.
- Mailboxes must be writable by group mail.
+ Mailboxes are generally either mode 600 and owned by
+ user or mode 660 and owned by
+ user:mail
+ There are two traditional permission schemes for mail spools:
+ mode 600 with all mail delivery done by processes running as
+ the destination user, or mode 660 and owned by group mail with
+ mail delivery done by a process running as a system user in
+ group mail. Historically, Debian required mode 660 mail
+ spools to enable the latter model, but that model has become
+ increasingly uncommon and the principle of least privilege
+ indicates that mail systems that use the first model should
+ use permissions of 600. If delivery to programs is permitted,
+ it's easier to keep the mail system secure if the delivery
+ agent runs as the destination user. Debian Policy therefore
+ permits either scheme.
+ . The local system administrator may choose a
+ different permission scheme; packages should not make
+ assumptions about the permission and ownership of mailboxes
+ unless required (such as when creating a new mailbox). A MUA
+ may remove a mailbox (unless it has nonstandard permissions) in
+ which case the MTA or another MUA must recreate it if needed.
@@ -9304,7 +9334,7 @@ install-info --quiet --remove /usr/share/info/foobar.info
To view the copyright file for a package you could use this command:
- dpkg --fsys-tarfile filename.deb | tar xOf - \*/copyright | pager
+ dpkg --fsys-tarfile filename.deb | tar xOf - --wildcards \*/copyright | pager
diff --git a/upgrading-checklist.html b/upgrading-checklist.html
index ca0350b..4cb1c61 100644
--- a/upgrading-checklist.html
+++ b/upgrading-checklist.html
@@ -58,6 +58,8 @@ picking your way through this list.
start the daemon again if it's already running. [9.3.2]
* /bin/sh scripts may assume that local can take multiple variable
arguments and supports assignment. [10.4]
+ * User mailboxes may be mode 600 and owned by the user rather than
+ mode 660, owned by user, and group mail. [11.6]
3.8.0.0 Jun 2008