
Bug#570486: Configuration /var with noexec option breaks base system installation



2010/4/15 Joey Hess <joeyh@debian.org>
Allowing users to install a system with a noexec /var strikes me as a
bad idea, because such a system will require a knowledgeable admin to
intervene to allow it to upgrade, or install new packages.

I think that partman should prevent the user from foot-shooting of this
magnitude. It should ensure that at least / /usr /tmp /var are not
noexec. (/tmp due to #223683)


I totally agree with that, but as a similar thing, one can configure /usr read-only (for security reasons).
The installation process does not break with /usr configured read-only, and once you have rebooted, you HAVE to do some extra configuration (/etc/apt/apt.conf.d/... OK, this works with apt, aptitude, synaptic but not with dpkg itself) to install / upgrade packages.

My 2 cents ...
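
The check discussed in this thread, as an added example (not code from partman or from either poster): it resolves which mount actually covers each of /, /usr, /tmp and /var and reports `noexec` or `ro` on it, including the case where the directory has no partition of its own and inherits the flag from a parent. The mount table below is constructed sample data in `/proc/mounts` format, and the function names are hypothetical.

```python
# Constructed sample in /proc/mounts format (device, mount point, type, options, ...).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda2 /usr ext3 ro,nodev 0 0
/dev/sda3 /var ext3 rw,nosuid,nodev,noexec 0 0
/dev/sda5 /var/log ext3 rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

# Directories the thread says package installation depends on.
PACKAGE_PATHS = ("/", "/usr", "/tmp", "/var")
# Options that stop maintainer scripts running (noexec) or files being written (ro).
BLOCKING_OPTIONS = ("noexec", "ro")


def parse_mounts(text):
    """Map mount point -> set of options; a later entry overrides an earlier one."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounts[fields[1]] = set(fields[3].split(","))
    return mounts


def covering_mount(path, mounts):
    """Return the longest mount point that is `path` itself or one of its ancestors."""
    best = None
    for mount_point in mounts:
        is_ancestor = (
            mount_point == "/"
            or path == mount_point
            or path.startswith(mount_point.rstrip("/") + "/")
        )
        if is_ancestor and (best is None or len(mount_point) > len(best)):
            best = mount_point
    return best


def audit(text, paths=PACKAGE_PATHS):
    """Return (path, covering mount point, option) for every blocking option found."""
    mounts = parse_mounts(text)
    findings = []
    for path in paths:
        mount_point = covering_mount(path, mounts)
        if mount_point is None:
            continue
        for option in BLOCKING_OPTIONS:
            if option in mounts[mount_point]:
                findings.append((path, mount_point, option))
    return findings
```

On a running system, pass the contents of `/proc/mounts` to `audit()` instead of the sample.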
