Re: bin/23212 (openssh /etc/moduli copied by postinstall should be etcupdate)

[Robert Elz <kre%munnari.OZ.AU@localhost>]

The following reply was made to PR bin/23212; it has been noted by GNATS.

From: Robert Elz <kre%munnari.OZ.AU@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/23212 (openssh /etc/moduli copied by postinstall should be etcupdate)
Date: Thu, 20 Jun 2019 03:13:58 +0700

     Date:        Wed, 19 Jun 2019 16:40:01 +0000 (UTC)
     From:        Valery Ushakov <uwe%stderr.spb.ru@localhost>
     Message-ID:  <20190619164001.DA29B7A1E0%mollari.NetBSD.org@localhost>
 
 
   |  I have no clue about moduli(5) and why would you want to make local
   |  changes to it
 
 Me either.
 
   |  but people who actually know their crypto might have valid
 
 Bill Simpson would be one of those
 
   |  but this seems like exactly the kind of problem
   |  why I never use postinstall
 
 Personally, I typically run neither, these days ther doesn't seem to
 be much point bothering with catpages in the first place, so I don't
 need it for that, and I don't much care if a few other obsolete files
 get left lying around.   Updating the files in /etc I just do manually
 (it gives me more control, even if it does mean more work - and I tend
 to alter my filesys layout a bit from the normal as well.)
 
   |  Note that etcupdate should do the right thing here, asking to merge
   |  changes if there are any (new), so the solution is simple: do not run
   |  postinstall fix before etcupdate and when etcupdate runs postinstall
   |  check evaluate (and ignore :) its suggestions.  After successful
   |  etcupdate you should only need "postinstall fix obsolete catpages"
   |  anyway.
 
 Sounds reasonable to me.
 
 kre