[Pkg-haskell-maintainers] Bug#744328: notmuch-web: config doesn't match docs, and appears to be root-only
Rob Browning
rlb at defaultvalue.org
Sat Apr 12 23:25:31 UTC 2014
Package: notmuch-web
Version: 0.2.0-2+b1
The README says:
When launching the notmuch-web binary, it expects several files to be
located in one subdirectory of the current directory. No other
configuration or install is needed, so you can copy the notmuch-web
binary and this folders anywhere, even deploy on computers with no
Haskell installed. _Note: in versions of notmuch-web before 0.2.0
there was a second folder which can be deleted when you upgrade; see
the Changelog._
The required folder is named `config` and must be in the current
directory.
But after some time trying to figure out why I couldn't get a password
configured to work, I noticed this from strace:
8852 open("/etc/notmuch-web/settings.yml", O_RDONLY) = 7
which led me to this:
debian/patches/config-in-etc
Perhaps the changed behavior should be mentioned in a README.Debian -- I
looked for one originally, and when I didn't find it, assumed the
upstream docs would be authoritative.
And if this change means that a normal user can't configure/run their
own notmuch-web, then perhaps the patch should be removed, or some other
arrangements made.
I also wonder if it makes sense to have a system-wide notmuch-web. As
far as I know, notmuch and notmuch-web really have to be run per-user --
if so, then I'd be inclined to just drop the patch, leaving less
deviation from upstream.
Oh, and I noticed that with the current package, the (hashed) passwords
are in a file that's world-readable. I thought I'd mention it in case
that hadn't been vetted.
Thanks
--
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
More information about the Pkg-haskell-maintainers
mailing list