
Re: setuid/setgid binaries contained in the Debian repository.



On Sun, 3 Aug 2003, Manoj Srivastava wrote:

> 	Policy can make it so that packages are not accepted into
>  Debian unless you hop through certain hoops. Like making sure the
>  upload has a signature. Or that it has an entry in the override
>  file. I can easily code an entry for katie and friends that takes a
>  new package, and marks up the ones with setgid bits set -- and the
>  ftp maintainers do not create override entries until they see a
>  consensus develop, or the security team says ok.

No, this is not debian-policy.  Having such a signature, or an override file
entry, has nothing to do with a package's interaction with the rest of the
system.

These items are only for accepting a package upload into the debian archive.
You have said in various avenues that policy is only to be used for
documenting interactions between packages; yet, you then bring up this point,
and say it's a policy issue.

> 	For God's sake, come up with some more intelligent arguments
>  for your point of view.

Don't change the facts to fit your personal view of the debian universe.



