[Pkg-dspam-misc] Bug#488924: dspam-webfrontend and apache2-suexec

[Kurt B. Kaiser]

On Fri, Aug 15 2008, Stefan Fritsch wrote:

> Lenny is frozen, the release team will never accept so many changes to 
> go into Lenny. This means there are two ways forward:
>
> - Downgrade #488924 to non-RC severity, stay with 3.6.8-8.1 in Lenny, 
> go ahead with your upload that changes lots of things.
>
> - Upload a new version with minimal changes fixing #488924 and 
> possibly some other important bugs. Wait for this new version to 
> migrate to lenny and delay the upload with big changes until later.
>
> I recommend the second option, but this is not a strong opinion. Even 
> with the first option, it would make sense to delay the big upload, 
> in order to be sure that no newer version is required in lenny.

I understand your feeling about this.  However, I think you might be
overly pessimistic, because the changes aren't as extreme as they might
seem to be when looking at the changelog.

I'm setting aside the changes to the webfrontend for a moment; I'll get
back to them below.

I began with changes to pass the standard Debian flags to configure and
to build in the source tree instead of in a subdir.  I did this so the
Makefiles would be available when running maintainer-clean to remove the
auto-generated files resulting from autoconf.  This produces a much
cleaner .diff.gz, which now only contains entries from .../debian and
its subdirectories, which is a goal when dpatch is used. This step was
verified with interdiff.

Fixing #481755 and #483868 involved one word changes to fix important
regressions.  I think that inspecting the changes will show them to be
non-problematic.

Updating to compatibility level 7 and Standards 3.8.0 introduced no
additional changes.

Adding amavis to the trusted users is a one word change to a config file,
and non-disruptive by inspection.

There were several changes to improve the documentation, and that's
allowable per the Lenny freeze guidelines.

Now, the webfrontend: Previously, we had a non-functional demo
VirtualHost fragment.  I moved it to its correct location in /etc/dspam/
and modified it to be served on localhost only, with a simplified login
using htpasswd.  I also moved other files that the user might be
expected to customize. Having a working website following installation
should help those users who were having difficulty getting started with
the webfrontend configuration.  I tested this by running the website.

There was an issue with upgrading etch: the /usr/share/dspam dir had
some symlinks which were causing upgrade errors.  This is a serious bug,
at least, and had to be fixed.

Since it's important for security reasons that the cgi run under suexec
as user dspam, I think setting a dependency on apache2-suexec is
appropriate, and fixes this RC bug.

My original goal was to get all the webfrontend files out of /var/www.
That would need apache2-suexec-custom.  I wasn't successful.  But it
was time to stop!

One of the Lenny goals is to pass the piuparts test.  The webfrontend
was not purging correcty, and I made some changes to fix that.  The
changes were most cleanly accomplished by putting the webfrontend config
files under ucf control.

There were no changes to the core of dspam or the webfrontend, so I
don't think any of the above could be considered disruptive.

Again, thanks for the review.  I hope this addresses your concerns.