[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debmake 1.14 uploaded



[ Please don't Cc: me when replying to my message on a mailing list. ]

Shaya Potter:
> From my undersanding you don't have to use those tools if you don't 
> want.  yes maybe it is a little dangerous to have those files on a 
> system, but in reality a person can manually delete them if hje thinks 
> they are a risk, and his system should still work perfectly, right?
> Maybe it should be a postinst option if he wants those files or not.

The mere existence of suid programs is a security concern. Sure,
it would be easy to remove them, but you have to be aware of them.
Most people wouldn't be aware of details of Debian packing tools.

IMHO debmake should be designed to use su (or sudo, super, or any
of the other existing tools specifically designed for this). I haven't
had any trouble using sudo with dpkg-buildpackage.

-- 
Please read <http://www.iki.fi/liw/mail-to-lasu.html> before mailing me.
Please don't Cc: me when replying to my message on a mailing list.


Attachment: pgpxcTcU_cEHH.pgp
Description: PGP signature


Reply to: