Re: Package maintainer script policy.
Hi,
>>"Raul" == Raul Miller <rdm@test.legislate.com> writes:
Raul> Manoj Srivastava <srivasta@datasync.com> wrote:
Buddha> Should I report this as a bug?
>>
>> Umm, no. Why should this be a bug? If it handles all the ways
>> it can be called, and seems to do the right thing, it can be anything
>> executable at all. In other words, if it conforms to policy, it
>> should be OK.
Raul> I think it should be a wishlist bug. This is a required package,
Raul> and in a secure environment you'd like to be able to verify the
Raul> dpkg scripts before running them (or perform the steps by hand).
Nonsense. You are downloading a *BINARY* package. You are
worried about a itty-bitty script, and blithely go about installing
the binaries? What kind of a (pardon me) half-assed security measure
is that? If you are that secure, you download the sources, and you
look them over (in which case you look over the postinst exec as
well).
This is not a good enough reason for this to be even a
wishlist bug.
manoj
security issues are usually best left to experts
--
The further the spiritual evolution of mankind advances, the more
certain it seems to me that the path to genuine religiosity does not
lie through the fear of life, and the fear of death, and blind faith,
but through striving after rational knowledge. Albert Einstein
Manoj Srivastava <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: