Date: Wed, 19 Jun 2002 16:03:56 -0700 From: Jason DiCioccio <jd@epylon.com> To: Bill Moran <wmoran@potentialtech.com>, <jdarnold@buddydog.org> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Apache 1.3.26 port Message-ID: <B9365BEC.2BBA%jd@epylon.com> In-Reply-To: <3D110D17.50809@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6/19/02 4:00 PM, "Bill Moran" <wmoran@potentialtech.com> wrote: > Jonathan Arnold wrote: >>> I would consider this semi-correct, at least from my experience. The data >>> directories ARE seperated out. Notice that there is a data.default and a >> >> I, in fact, just went through this and would beg to differ. It is not >> very kind to delete a complete directory tree without any warning, either >> when you install (something like "data.default *WILL BE REPLACED ON >> UPGRADE*") or it should check on upgrade and not remove it if it is there. >> I lost my entire web site with nary a peep, and luckily had the most >> important >> stuff on another computer. > > This is outrageous. Have you ever heard of backups? I can't believe you're > blaming loss of data on this. As a system administrator you should be backing > up your data on a regular schedule. And you should ALWAY back up your data > before ANY upgrade. That's just proper procedure. I think there are 2 issues here. One is that he did not do a backup, that is for sure. However, there is an issue with the port as far as I am concerned as well. The port shouldn't be rm -rf'ing anything. It should be going by the plist if anything at all. This way programs like pkg_deinstall pkg_delete can do their jobs correctly. For example, pkg_deinstall will not remove a file if the checksum does not match the checksum that it had upon installation. This would have saved everyone a lot of trouble and is really just the correct way to make a port or a package the last time I checked. Granted pkg_delete, iirc, would have deleted some of the files, like index.html because I don't believe it checks checksums before removing files. However the consequences would have been much less severe. Doesn't this seem reasonable? Cheers, -JD- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B9365BEC.2BBA%jd>