[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: su in debian.rules

> I have one problem with this.  Since you need to be root in order to install
> packages, why does it matter that you have to give root access to anybody
> developing packages?  If you are not actually installing the packages you 

0) I'll just note that now that my laptop is working again (dpkg is
very useful for recovering a partly damaged installation) I'll be
working on having dpkg-deb take an externally supplied tar file, which
would cover all of my needs...

1) I *am* installing the packages, specifically to test them. In fact,
these days, thanks to debian, I never do a raw "make install" but
always build a package first -- it makes it *so* much easier to clean
up the mess afterwards, when the first one breaks. (Especially for an
upgraded package -- I do my own CVS builds because I use the Kerberos
support in the remote code -- and needed to swap back and forth
between the new and old *packages* to determine if something was a new
cvs-1.7 bug or an existing one...)

2) Many of my packages only need root to install because of dpkg
itself; having an installer (classically "bin") group would be
enough... though I grant the added dangers of having directories that
are writable by non-root users when running NFS, I don't export any
OS partitions that way.

2) With so much arbitrary damage capable for root, I view *any*
actions taken by root as suspicious. By limiting the things that I do
perform as root, it's easier to tell when something is wrong.

3) While debian.rules makefiles are generally written and tested for
root use, is the same true of, for example, the "clean" or "distclean"
rules in the upstream packages? Simply put, *no.* Do you really want
to risk an rm of the wrong thing, while running as root?

I hope I've made my opinions and attitudes clear here. I hope I've
also made it clear that I'm not imposing them on anyone else; I'm not
trying to change the way the default packages are built (though it
might please me were it to happen, I'm not investing any effort in it;
I'm quite happy to be able to do mine my way *and* still be within the

					_Mark_ <eichin@cygnus.com>
					Cygnus Support, Eastern USA

Reply to: