Re: Package maintainer script policy.
>>"Raul" == Raul Miller <email@example.com> writes:
>> Raul Miller wrote:
>> > I think it should be a wishlist bug. This is a required package,
>> > and in a secure environment you'd like to be able to verify the
>> > dpkg scripts before running them (or perform the steps by hand).
Raul> Joey Hess <firstname.lastname@example.org> wrote:
>> If you're ultra-paranoid, what's the difference between a postinst that is a
>> binary (ie, libreadlineg2.deb) and a postinst that calls a binary that is
>> contained in the package (ie, bash.deb)?
>> We can't outlaw the second, so I see no reason to bother outlawing the
Raul> The differences are frequency of use, and need.
Case 1) The postinst is binary, and can't be checked a priori
Case 2) The postinst is a shell script that calls a binary included
in the package, which again is not checkable easily.
Where does frequency of use and need come into the picture?
"There's only one way to have a happy marriage and as soon as I learn
what it is I'll get married again." Clint Eastwood
Manoj Srivastava <email@example.com> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com