[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Package maintainer script policy.


>>"Joey" == Joey Hess <joey@kitenet.net> writes:

 Joey> Raul Miller wrote:
 >> I think it should be a wishlist bug.  This is a required package,
 >> and in a secure environment you'd like to be able to verify the
 >> dpkg scripts before running them (or perform the steps by hand).

	I realize, of course, the difference between a{pre,post}{inst,rm} 
 and a binary contained in a package; and that being that the former
 is run as root, and the latter is not. However, for a truly paranoid
 site, I still think one would like to audit the package sources.

 Joey> If you're ultra-paranoid, what's the difference between a
 Joey> postinst that is a binary (ie, libreadlineg2.deb) and a
 Joey> postinst that calls a binary that is contained in the package
 Joey> (ie, bash.deb)?

	Well, I guess the paranoid person does not load that
 package. But then, the paranoid person does not load the package with
 a binary postinst either, so we are back to square one.

 Joey> We can't outlaw the second, so I see no reason to bother
 Joey> outlawing the first.

 The "Catholic Church" *is not* the one true church.  The Holy
 Orthodox [Eastern] Christian Church is the one and only repository of
 the *fullness* of Christ's > teachings.  Sorry, but the one _true_
 church is the Church of the Forgotten Son, where we worship the
 Almighty earthworm.  Not only is it more true than any of the
 Christian churches, it's also less fulfilling and it tastes
 great. Just thought you'd like to know. Andrew. Kalinowitsch
Manoj Srivastava  <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: