Future security problem (was Re: be careful with Replaces, please)

> > Greg Stark writes:
> >  > We've got to be a little more careful with the Replaces header. I just
> >  > installed the libc6 version of comerr, and dpkg helpfully deinstalled
> >  > e2fsprogs. 

I can see a security problem with this.  Let's jump ahead several months
when we have deity working.  A user points deity to several sites, some
providing a bunch of debs that they have created but don't want to be part
of the main distribution.  Now they upload a new package, call it
libc6-<big version number> that replaces all kinds of packages, and
whatever else they want to do.  Most of you will dismiss this as "they
deserved what they got" at this point, but I think we should start
worrying about these possibilities.  How about prompting the user before
deleting a package because it was replaced (of course we need to think
about non-interactive installations too).  I'd also be interested in some
kind of verification, so I can accept all packages put together by some
maintainer, and the maintainers on the debian keyring, but no one else.

We have time to think about this, but the sooner the better in my opinion.
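
[Added example, not part of the original message and not dpkg or deity code.] A sketch of the two safeguards proposed above: accept packages only from an allowed set of signers, and never remove an installed package through Replaces without asking. The signer identifiers, the sample control stanza and the choice to refuse in non-interactive mode are assumptions made for illustration; any installed package named in Replaces is treated as at risk.

```python
import re

# Constructed sample data (not from the original message).
INSTALLED = {"e2fsprogs", "comerr", "libc5"}
TRUSTED_SIGNERS = {"debian-keyring:maintainer-a"}  # hypothetical key identifier

CANDIDATE = """\
Package: libc6
Version: 99.0-1
Replaces: e2fsprogs, comerr (<< 2.0),
 libc5
"""

def parse_control(text):
    """Parse one control stanza into a dict, folding continuation lines."""
    fields, key = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and key:
            fields[key] += " " + line.strip()
        elif ":" in line:
            key, value = line.split(":", 1)
            key = key.strip().lower()
            fields[key] = value.strip()
    return fields

def replaced_names(fields):
    """Package names listed in Replaces, with version constraints stripped."""
    names = []
    for item in fields.get("replaces", "").split(","):
        name = re.sub(r"\(.*?\)", "", item).strip()
        if name:
            names.append(name)
    return names

def decide(control_text, signer, installed, trusted, interactive):
    """Return (action, at_risk); action is 'install', 'prompt' or 'refuse'."""
    fields = parse_control(control_text)
    at_risk = sorted(set(replaced_names(fields)) & installed)
    if signer not in trusted:
        return "refuse", at_risk      # unverified source: never install
    if not at_risk:
        return "install", at_risk     # nothing installed would be replaced
    # Assumed policy: ask when a user is present, otherwise fail closed.
    return ("prompt" if interactive else "refuse"), at_risk

if __name__ == "__main__":
    for signer in ("unknown-site-key", "debian-keyring:maintainer-a"):
        print(signer, decide(CANDIDATE, signer, INSTALLED, TRUSTED_SIGNERS, True))
```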


