Re: Package verification
On Wed, Oct 08, 2003 at 12:24:37AM +1000, Kim Lester wrote:
> There is no way to verify/correct the MODE, USER, GROUP, TYPE
> of any files installed in a pkg.
> If I am wrong please point out where, with an installed pkg
> (and preferably without having a copy of the .dpkg around)
> once can tell if a pkg is _installed_correctly_.
Define "correctly". The permissions and ownerships as specified by the
package maintainer may be overridden by the sysadmin, and some files are
only created after installation (and permissions set by script).
Barring a break-in, I don't see how system file permissions would ever be
changed without admin knowledge, so verification would seem like a useless
overhead. Post-intrusion, of course, is a different matter, but there are
already tools to deal with that if you need it.
Then again, I don't work in the "enterprise world", just the real one, so
the pressures of CTO madness don't affect me. <grin>
> So is the developer community interested in working with me
> to add these (and other important features) for a larger
> commercial environments. Bear in mind I have real coded
> solutions to many of these issues which I hope to be able
> to share....
To be blunt: what's stopping you? Package them up, find a sponsor,
demonstrate their utility, and away you go. Get them integrated with dpkg
in whatever fashion is necessary, and make them an integral part of Debian.
You don't need debian-devel consensus to do that - and apart from any dpkg
changes that are needed, you only need one developer (to upload the packages
on your behalf until you become a DD yourself).