Re: Running dpkg -r foo from a postinst script?
On Thu, Sep 20, 2001 at 09:16:00PM +0200, Bill Allombert wrote:
> What you really want to do is to implement
> Recommanded-Conflicts: brokenmailer, etcpassoire, trivialtohackftpd
> or even
> Suggested-Conflicts: easyr00ted, lametelnetd
> Right ?
>
> Well, creates an
> harden-recommanded-conflicts package
> that conflicts with brokenmailer, etcpassoire, trivialtohackftpd
> and a harden-suggested-conflicts package
> that conflicts with easyr00ted, lametelnetd
>
> Then make task-harden to Recommands: harden-recommanded-conflicts and
> Suggests: harden-suggested-conflicts.
Well I'll have to make a lot of packages then:
harden-servers-recommended-conflicts
harden-servers-suggested-conflicts
harden-clients-recommended-conflicts
harden-clients-suggested-conflicts
harden-localflaws-recommended-conflicts
harden-localflaws-suggested-conflicts
harden-remoteflaws-recommended-conflicts
harden-remoteflaws-suggested-conflicts
That sounds to me, to be quite a lot of unnecessary packages.
> It is not the real things, but closer than removing packages, because
> it last after installation.(your scheme does not prevend etcpassoire too
> be installed after task-harden)
> (the real thing woud be to have a handful of packages
> harden-conflict-brokenmailer,harden-conflict-etcpassoire,
> harden-conflict-trivialtohackftpd etc... that each conflicts with the
> named package, but it lead to half dozen stupid virtual package more.)
>
> Also consider how works task-packages:
Well I have changed task-harden to harden because it is not a real task
package. Task packages should not conflict anything. Tasksel does not
support that though (as I have heard).
> It is an empty package. We install it. We got all the Depended, Recommended
> packages. Afterward we can remove it safely, without affecting these packages.
> So if tasken-harden conflicts with easyr00ted and I really need/want
> easyr00ted, I can remove task-harden after it has been successfully installed
> and install easyr00ted.
>
> If too many people object that conflict in task package are evil, then
> use an intermediate package as described above.
The thing is that sometimes it is better to have a package installed
than to remove it. For example the *flaws packages can change on the
way. And if you do not note the REMOVE line when using apt and/or
dselect you will suddenly have some packages removed. And that can
be a bad thing if used on a production server. I have had quite a lot
complains about that.
But that is not the most informative part. Sometimes I want to ask
the user if he/she want the package installed and inform about the
risks. Information is a good part of securing the server.
Regards,
// Ola
> HTH,
>
> Bill. <ballombe@debian.org>
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
--------------------- Ola Lundqvist ---------------------------
/ opal@debian.org Björnkärrsgatan 5 A.11 \
| opal@lysator.liu.se 584 36 LINKÖPING |
| +46 (0)13-17 69 83 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
Reply to: