From 64f2627948f1de6aac350f44a90f8a748dc730c3 Mon Sep 17 00:00:00 2001
From: Sean Whitton <spwhitton@spwhitton.name>
Date: Sat, 22 Oct 2016 17:38:44 -0700
Subject: don't nuke /var/lib/keysafe

---
 debian/keysafe-server.postrm | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
 mode change 100644 => 100755 debian/keysafe-server.postrm

(limited to 'debian')

diff --git a/debian/keysafe-server.postrm b/debian/keysafe-server.postrm
old mode 100644
new mode 100755
index c141548..0928c91
--- a/debian/keysafe-server.postrm
+++ b/debian/keysafe-server.postrm
@@ -6,11 +6,15 @@ set -e
 
 #DEBHELPER#
 
-# on a package purge, we nuke the keysafe user and the store of
-# shards.  Note that it would be a security risk to delete the user
-# without also deleting the store of shards, so we leave both the user
-# and the store intact when the package is merely removed
-if [ "$1" = "purge" ]; then
-    userdel --remove _keysafe || true
-    groupdel _keysafe || true
-fi
+# For the time being, we don't ever delete /var/lib/keysafe, even on a
+# purge (note that for security this requires that we also never
+# delete the _keysafe user and group)
+
+# Deleting this data has the potential to destroy the backups of
+# people's private keys, so it probably shouldn't ever happen
+# automatically
+
+#if [ "$1" = "purge" ]; then
+#    userdel --remove _keysafe || true
+#    groupdel _keysafe || true
+#fi
-- 
cgit v1.2.3