Re: Usage of dpkg under cygwin
On Wed, Oct 09, 2002 at 03:44:07PM -0500, Paul Baker wrote:
> >>But really, isn't it silly to demand privileges just to write the
> >>correct uids to an archive? It's not like the OS forbids you to
> >>create archives with any contents you like. This hokus pokus is
> >>just because we want to use the standard tar command, isn't it?
> Well if the cygwin port is ever to be taken serious in the debian
> community then it needs to take security as seriously as the rest of
> debian does. Don't let Microsoft negligence with security pollute the
> goals and purpose of this debian project. It should aspire to be
> better, not just average, then what is available now. I know one of my
> reasons for choosing debian is better security.</soapbox>
Of course we need to take security seriously, but I'm not convinced
that demanding unnecessary privileges or faking them does that. These
files don't need to be owned by root or seem to be owned by root during
the packaging process - we should be able to just tell tar to override
the fs metadata. I realize that the current system works, but I reserve
the right to call it a silly hack.
Note that I'm not talking about the Linux/NT/Cygwin issue, or about
NT at all really, I'm talking about "debian/rules build" in general.