Re: Package maintainer script policy.
Hi,
>>"Raul" == Raul Miller <rdm@test.legislate.com> writes:
>> Raul Miller wrote:
>> > I think it should be a wishlist bug. This is a required package,
>> > and in a secure environment you'd like to be able to verify the
>> > dpkg scripts before running them (or perform the steps by hand).
Raul> Joey Hess <joey@kitenet.net> wrote:
>> If you're ultra-paranoid, what's the difference between a postinst that is a
>> binary (ie, libreadlineg2.deb) and a postinst that calls a binary that is
>> contained in the package (ie, bash.deb)?
>>
>> We can't outlaw the second, so I see no reason to bother outlawing the
>> first.
Raul> The differences are frequency of use, and need.
Excuse me?
Case 1) The postinst is binary, and can't be checked a priori
Case 2) The postinst is a shell script that calls a binary included
in the package, which again is not checkable easily.
Where does frequency of use and need come into the picture?
manoj
--
"There's only one way to have a happy marriage and as soon as I learn
what it is I'll get married again." Clint Eastwood
Manoj Srivastava <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: