Re: Package maintainer script policy.
Hi,
>>"Joey" == Joey Hess <joey@kitenet.net> writes:
Joey> Raul Miller wrote:
>> I think it should be a wishlist bug. This is a required package,
>> and in a secure environment you'd like to be able to verify the
>> dpkg scripts before running them (or perform the steps by hand).
I realize, of course, the difference between a{pre,post}{inst,rm}
and a binary contained in a package; and that being that the former
is run as root, and the latter is not. However, for a truly paranoid
site, I still think one would like to audit the package sources.
Joey> If you're ultra-paranoid, what's the difference between a
Joey> postinst that is a binary (ie, libreadlineg2.deb) and a
Joey> postinst that calls a binary that is contained in the package
Joey> (ie, bash.deb)?
Well, I guess the paranoid person does not load that
package. But then, the paranoid person does not load the package with
a binary postinst either, so we are back to square one.
Joey> We can't outlaw the second, so I see no reason to bother
Joey> outlawing the first.
manoj
--
The "Catholic Church" *is not* the one true church. The Holy
Orthodox [Eastern] Christian Church is the one and only repository of
the *fullness* of Christ's > teachings. Sorry, but the one _true_
church is the Church of the Forgotten Son, where we worship the
Almighty earthworm. Not only is it more true than any of the
Christian churches, it's also less fulfilling and it tastes
great. Just thought you'd like to know. Andrew. Kalinowitsch
(kalin@cbnewsm.att.com)
Manoj Srivastava <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: