
Re: Future security problem (was Re: be careful with Replaces, please)

Brandon Mitchell wrote:
> I can see a security problem with this.  Let's jump ahead several months
> when we have deity working.  A user points deity to several sites, some
> providing a bunch of debs that they have created but don't want to be part
> of the main distribution.  Now they upload a new package, call it
> libc6-<big version number> that replaces all kinds of packages, and
> whatever else they want to do.  Most of you will dismiss this as "they
> deserved what they got" at this point, but I think we should start
> worrying about these possibilities.  How about prompting the user before
> deleting a package because it was replaced (of course we need to think
> about non-interactive installations too).  I'd also be interested in some
> kind of verification, so I can accept all packages put together by some
> maintainer, and the maintainers on the debian keyring, but no one else.

This is indeed a problem!

You will find that the deity design already addresses this problem in
the following ways:

1) One option the user has is to display (most of) the package's headers
(Replaces being one of them) in a tabbed window on the selection screen.
If the user cares to, they can see what the package will replace if

2) More importantly, deity has a verification phase where all packages
to be installed/deleted/replaced/whatever, are shown to the user.  The
user has a chance to see what exactly is going to happen before they
press the "OK" button.

Is that sufficient?

(UI designer for the Deity project)

Behan Webster     mailto:behanw@verisim.com
+1-613-224-7547   http://www.verisim.com/
