don't nuke /var/lib/keysafe

1 files changed, 12 insertions, 8 deletions

diff --git a/debian/keysafe-server.postrm b/debian/keysafe-server.postrm
index c141548..0928c91 100644..100755
--- a/debian/keysafe-server.postrm
+++ b/debian/keysafe-server.postrm
@@ -6,11 +6,15 @@ set -e
 
 #DEBHELPER#
 
-# on a package purge, we nuke the keysafe user and the store of
-# shards.  Note that it would be a security risk to delete the user
-# without also deleting the store of shards, so we leave both the user
-# and the store intact when the package is merely removed
-if [ "$1" = "purge" ]; then
-    userdel --remove _keysafe || true
-    groupdel _keysafe || true
-fi
+# For the time being, we don't ever delete /var/lib/keysafe, even on a
+# purge (note that for security this requires that we also never
+# delete the _keysafe user and group)
+
+# Deleting this data has the potential to destroy the backups of
+# people's private keys, so it probably shouldn't ever happen
+# automatically
+
+#if [ "$1" = "purge" ]; then
+#    userdel --remove _keysafe || true
+#    groupdel _keysafe || true
+#fi