[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnumed-devel] Re: Updated server packages

From: Andreas Tille
Subject: [Gnumed-devel] Re: Updated server packages
Date: Sun, 20 Sep 2009 21:32:20 +0200
User-agent: Mutt/1.5.18 (2008-05-17)

On Sun, Sep 20, 2009 at 12:30:12AM +0200, Karsten Hilbert wrote:
> Thanks for this valuable feedback ! We will see to it to
> make this necessary change much more prominent so users know
> what to do.
> @Andreas: can we add this to the README.Debian for
> gnumed-server, too ? I will send you a patch.

Sure!  Any patch is perfectly welcome.  If you would apply for an alioth
account (as I recommended for the live CD stuff) I would grant you
permissions which enable you to commit such changes yourself.

> > I am an experienced Linux user, but never touched Postgre before, and
> > for the first time it took me a few days to et it running - this could
> > be eased very simply by making the bootstrap script add this line
> > automatically to the file if run as root,
> Unfortunately, this is *not safely possible*.

Well, *technically* it is "quite" save to do this - but it is simply
forbidden by Debian policy to tweak other packages config files (and
that's for a reason):.  So the only policy compliant way to work do this
is via documentation in the GNUMed package (even if I see a chance to
provide a "documented shell script" which you can start and which does
the job for you.  But changing ph_hba.conf from GNUmed's postinst is
just forbidden.

> Note that  I am not talking about the fact that Debian
> policy does not allow one package to change the
> configuration of another packages -- this I would gladly
> overcome by providing a
>       /usr/bin/

Yes - something like this.
> But this is not safely *possible*.

IMHO for those people who have problems maintaining PostgreSQL servers
it is "quite" safe (in combination with a big warning I'd consider it
OK), because you can assume some reasonable defaults.  (Otherwise the
admin is an expert which just would not call the script.)

> Moreover, it may be
> contrary to what a local admin desires to be the
> authentication policy ! There are other ways to allow access
> to GNUmed databases.

> > or by just telling the user that he should do this if run
> > as other user.
> A good suggestion. I will add some code to the bootstrapper
> which warns about the line missing in pg_hba.conf.

I'd consider this as a very sane compromise which comes quite cheap.

Kind regards


Klarmachen zum Ă„ndern!

reply via email to

[Prev in Thread] Current Thread [Next in Thread]