Subject: Re: IMPORTANT user-visible change to pkgsrc related to config files
To: Johnny Lam <>
From: Curt Sampson <>
List: tech-pkg
Date: 12/20/2001 16:22:41
> I've committed changes to and friends to implement a variable
> PKG_SYSCONFDIR, used to specify the location where the configuration files
> for a package may be found.

Sorry; I've been quite behind on my mail.

I'd just like to say that this does nothing to fix the basic problem
that I'm complaining about.

Essentially, there are three places a program can come from:

    1.	Comes with the system. Always uses /etc.

    2.	Comes from a (binary) package: maybe uses /etc, maybe uses

    3.	Compiled from the original source distribution: usually uses
	/etc, but some things might use /usr/local/etc or similar.

Now I know about this stuff pretty well, and even *I've* been caught
by some program using the wrong set of configuration files. Given that
this can be a source of major security holes (e.g., wrong apache config
file exposing to the public information that should be private), I don't
think we should be contributing to the problem by having yet another
home for configuration files. Your change makes the problem even worse,
since now the configuration file location can change from build to build
of a package!

It's only a matter of time before someone forgets to turn off
PKG_SYSCONFBASE=/etc before building and uploading a package.

Curt Sampson  <>   +81 90 7737 2974
    Don't you know, in this new Dark Age, we're all light.  --XTC