[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-verify?

'Fabrizio Polacco wrote:'
>Philippe Troin wrote:
>>  David Frey wrote:
>> [...]
>> > ... check a package vs the current installation against:
>> > a) missing files
>> > b) wrong permissions
>> > c) wrong sizes/date stamps/link counts
>> Dpkg justs records the file list, not anything else.
>> I had further problems with packages which create some files in their
>> postinst (like perl, which compiles headers).
>It would be nice if /var/lib/dpkg/info/<package>.list listed also the
>owner, group and permissions at install time. (md5 will be a dream)
>But what could be really helpfull is a method to add or delete an entry
>in this list. So {pre,post}inst scripts could register their
>modifications to the fs tree.

What are the goals?  Security?  Then you just made it easy for the
crackers to cover their paths (over any sysadmins that rely on
dpkg-verify).  What do you need all this extra overhead for?  I think
the reasons don't justify the extra overhead.  And the reasons would
vary so much from site to site that dpkg-verify couldn't safisfy most
people anyway.

Can we identify the GOALS before we make any further suggestions on
dpkg-verify?  Thank you.

>Another method needed is the one that permits you to update the
>conffiles list.

Again, why?  What is your goal here.  What are you trying to
accomplish?   Would everyone need it done that way?  Would anyone need
it done?  Etc, etc.

Sorry, Fabrizio, but I think this whole thread is misguided.  I'd be
willing to return to it once clear goals were agreed upon.

Christopher J. Fearnley            |    Linux/Internet Consulting
cjf@netaxs.com, cjf@onit.net       |    UNIX SIG Leader at PACS
http://www.netaxs.com/~cjf         |    (Philadelphia Area Computer Society)
ftp://ftp.netaxs.com/people/cjf    |    Design Science Revolutionary
"Dare to be Naive" -- Bucky Fuller |    Explorer in Universe

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: