[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Package maintainer script policy.

On Mon, Aug 03, 1998 at 01:11:55AM -0500, Manoj Srivastava wrote:
> 	I realized, of course, after sending the message, that the pre
>  and post inst scripts are run as root, while the binaries need never
>  be. I am getting senile. Hmm. 
> 	I guess we need to modify policy on this; and maybe require
>  that all pre and post install and rm scripts need to be scripts for
>  security purposes? 

They're usually run before you get a chance to look at them anyway.  I don't
see the reasoning at all.  If someone has a postinst doing Really Bad Things
it will still hit people when it hits unstable.  However, I think I would
expect something like this would be very seriously dealt with considering it
would have a PGP signature on it.

Attachment: pgpsf96NMU_rn.pgp
Description: PGP signature

Reply to: