Re: fakeroot a solution for multi-architecture building?
> Fakeroot looks like the answer to the multi-architecture packaging
> problem, as long as it's secure. I was waiting for the problems to be
> resolved with it before trying it out, but went on vacation and missed out
> on the latest status of fakeroot. Has it been resecured again?
Please, people, if there are problems with debian packages, could you
file a bug?
I (the maintainer/author) of fakeroot have never heard of any security
problems with fakeroot, and, in fakt am _sure_ there are no
security problems (if there were, they are the problem of other
programmes, not fakeroot. Fakeroot isn't setuid or anything, so any
cracker can install fakeroot on his homedir, and exploit the "bug"
if there were any. So, the only thing possibly to fix is the
system, not fakeroot).
On the other hand, old versions of fakeroot have had a _lot_ of bugs,
that caused packages to build incorrectly. To sortof ensure any
released fakeroot doesn't contain such bugs, I wrote a small test suite
for fakeroot, that excersizes all bugs I've made in the past. This
greately improved the quality of fakeroot.
I think all bugs found that would cause fakeroot to build
corrupt .deb's I've fixed within one week of the bugreport
(actually, I think more like within two days, but I'm not sure here).
joost witteveen, firstname.lastname@example.org
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to email@example.com .