[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: New perl package

Ian Jackson, in an immanent manifestation of deity, wrote:
>Firstly: a few months ago we decided to phase out `_' in package
>names.  Many of the schemes being proposed for parseable filenames
>1.1.6).  So, could you please change from `_' to `-'.

Sorry, I got confused and thought it was changing the '-' to '_' in a
package name.  I've changed it to '-'.

>Secondly: I don't particularly like the way you've split the packages.
>(a) We need a `perl binary only' (and perhaps the more essential
>library files) package for the base disks.  That has to be marked
>Essential &c.  (b) Can't we then make the rest of the installation a
>little less granular - have only one or perhaps two other packages ?

Can you and Bruce and who ever else decide which libraries are
essential and I'll make this package?  Shall I call it perl-base?

As for having a the 3 (now 4) packages, I configured it that way since
some people aren't going to want suid or debug perl versions.  I figured
that installing or not installing a package was the simplist way to do
this.  I'm open for suggestions as to other methods.  I don't really
like "ask a question in postinst" method.  Anyway, debug perl is *big*
(1.1 Meg for the files + copyright).

>(c) You say ...
>>         * Added the dosuid define to Configure so that perl would once
>>           again create a suidperl.  It was dropped from the upstream
>>           release.  There is a question in the postinst that asks if you
>>           want it or not.
>Does the answer to this question get kept anywhere ?  In any case,
>(i) isn't a separate package the right thing here but (ii) can't we
>review the code to make sure it's secure - surely that can't be too
>hard ?  We just need to make sure that suidperl can't be used if there
>are no suid perl scripts.

My changelog entries are in reverse order.  My third (from the top)
entries says that I changed it from a question to a package.
It's about as secure as suid programs get.  i.e. there can always be
hidden gotchas and the safest route is not to have it.
suidperl will not run a script if it isn't suid or sgid.

>>         * Added tcsh as well as c-shell to the dependency list.  I'll
>>           remove the tcsh once c-shell is provided by it.
>Please don't do this !  Configure it to think that csh isn't
>available.  You can't make an vital package like Perl depend on an
>optional one like csh ...

How about Recommends?  This is a known problem in perl.  It's not been
fixed.  I don't have enough tuits to set this up right now.  I'm
catching up on being away on travel to client sites.


Reply to: