[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Package maintainer script policy.

>>"Raul" == Raul Miller <rdm@test.legislate.com> writes:

 >> Raul Miller wrote:
 >> > I think it should be a wishlist bug.  This is a required package,
 >> > and in a secure environment you'd like to be able to verify the
 >> > dpkg scripts before running them (or perform the steps by hand).
 Raul> Joey Hess <joey@kitenet.net> wrote:
 >> If you're ultra-paranoid, what's the difference between a postinst that is a
 >> binary (ie, libreadlineg2.deb) and a postinst that calls a binary that is
 >> contained in the package (ie, bash.deb)?
 >> We can't outlaw the second, so I see no reason to bother outlawing the
 >> first.

 Raul> The differences are frequency of use, and need.

	Excuse me? 
 Case 1) The postinst is binary, and can't be checked a priori
 Case 2) The postinst is a shell script that calls a binary included
         in the package, which again is not checkable easily.

	Where does frequency of use and need come into the picture?

 "There's only one way to have a happy marriage and as soon as I learn
 what it is I'll get married again." Clint Eastwood
Manoj Srivastava  <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: