Hi, It looks like more and more of these are popping up. It seems to me that packages such as diskless-image-secure, diskless-image-simple, xfsprogs-bf, e2fsprogs-bf should automatically qualify for grave or even critical bugs for breaking your system if installed. From the description of diskless-image-simple: WARNING: This package can and will break your computer. Do not install manually. It should only be installed via the diskless-newimage, part of the diskless package. Why are such things allowed into the archive? Will these things ever even make it into testing given that they are uninstallable? IMHO. this is a completelly wrong way of going about this. These packages contain data used by other packages. This is not uncommon, many packages have a -common or -data package to go with them. This is a special case because the data is in the format of a .deb. I suggest then that diskless-image-simple and friends should be packages that contain the .deb files. Ie. there is no reason one cannot have a harmless diskless-image-simple that contains another .deb as data. This second .deb can then be used by the diskless package to setup its chroot. I am writing here so that this can be discussed. I filed grave bugs on some of these packages which were imediatelly downgraded by their respective maintainers to a wishlist severity, and tagged "wontfix". Thanks, Norbert
Attachment:
pgpEWoRHnOpJO.pgp
Description: PGP signature