Re: Multipart package (IRAF)

To: Raul Miller <rdm@test.legislate.com>
Cc: Manoj Srivastava <srivasta@datasync.com>, Debian Developers List <debian-devel@lists.debian.org>
Subject: Re: Multipart package (IRAF)
From: Zed Pobre <zed@moebius.interdestination.net>
Date: Wed, 18 Feb 1998 11:11:50 -0600 (CST)
Message-id: <[🔎] Pine.LNX.3.96.980218105754.655A-100000@moebius.interdestination.net>
In-reply-to: <[🔎] 19980218103957.61324@hazel>

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 18 Feb 1998, Raul Miller wrote:

> In this case, it probably is a good idea to do exactly that -- first
> get the overall packaging issues sorted out, and create some contrib
> packages. Then, repackage it (perhaps with different package boundaries
> and thus different package names) and distribute it for real.

    If I do that, my layout would probably be as follows: 

Contrib:
    iraf_2.11.1-1.i386.deb - Setup scripts
	Depends: iraf-common, iraf-ibin, iraf-noaobin
    iraf-common_2.11.1-1.i386.deb - source code, some binaries
    iraf-ibin_2.11.1-1.i386.deb - primary binaries
    iraf-noaobin_2.11.1-1.i386.deb - NOAO binaries

Main:
    iraf_2.11.1-2.deb - Setup scripts and primary source code
	Depends: iraf-xxx, iraf-yyy, etc
        Conflicts: iraf-common, iraf-ibin, iraf-noaobin

I assume that once I become a maintainer, I'll have sufficient access to
va to redownload the source .tar.gz files and rebuild.  Incidentally, each
of the three primary source files are chopped up into segments of about
512k each, with no definitive name for what they should be when recombined
(actually, the install instructions have you just cat the entire mess
through gzip and tar to install).  Do I list each segment as an individual
file, or is it legal to give it the logical reconstruction name?  Also,
what do you do with the Source: header in this case?
 

> You'll probably want to include something about your intentions
> in the interim version.

    Easy enough to document.  


> Finally, the primary security holes that can occur with binaries
> run under a user account has to granting access to the machine from
> a random place on the net.  If iraf listens to ip sockets then that's
> a potential vulnerability.

    As far as I can tell, it doesn't touch the net at all.  It certainly
doesn't change anything in /etc that would allow it to (you can't just
listen to a socket at random, can you?)

=============================================================================
Zed Pobre  <zcp@po.cwru.edu>  |  PGP key on servers, fingerprint on finger
=============================================================================

-----BEGIN PGP SIGNATURE-----
Version: 5.0
Charset: noconv

iQEVAwUBNOsWUNwPDK/EqFJbAQEPVAgAvOPASs9SJ/ZaIKRnYCEkAyr19OHanetq
3GEBjp1Lfy75q8pOq0O9zM2zg52Wm9Gvq6qLp5P/gGSTsl0RPPpVHOtuGs1bOZIV
AU1HhKPe1VXN1DXqP2OColAWlGovvMxKbwKRMJcxy6y5HV68RDzoDXs/OIHZ1hpl
QJ0VbbB1f8fNSqOJd1SZxcGiMQGMN4vGLFem21gbbX5tHIeoXUVy2NQKsdqtHlix
7wYrySDoXXu5FCoFdt7cMLG28vLIMavMahtirlRCWTKGCiw/lAeOsg4U25QNEqER
iV0dYnxAdCvQOOLaFupYm1ju0aGVjSeo9oFwHJ1Y2POdJP4GkxcC0w==
=QZI+
-----END PGP SIGNATURE-----


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: Multipart package (IRAF)
  - From: Raul Miller <rdm@test.legislate.com>

References:
- Re: Multipart package (IRAF)
  - From: Raul Miller <rdm@test.legislate.com>

Prev by Date: Re: More about lintian
Next by Date: HOSTTYPE?
Previous by thread: Re: Multipart package (IRAF)
Next by thread: Re: Multipart package (IRAF)
Index(es):
- Date
- Thread