[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Running dpkg -r foo from a postinst script?

On Thu, Sep 20, 2001 at 09:16:00PM +0200, Bill Allombert wrote:
> What you really want to do is to implement
> Recommanded-Conflicts: brokenmailer, etcpassoire, trivialtohackftpd
> or even 
> Suggested-Conflicts: easyr00ted, lametelnetd
> Right ?
> Well, creates an
> harden-recommanded-conflicts package
> that conflicts with brokenmailer, etcpassoire, trivialtohackftpd
> and a harden-suggested-conflicts package
> that conflicts with easyr00ted, lametelnetd
> Then make task-harden to Recommands: harden-recommanded-conflicts and
> Suggests: harden-suggested-conflicts.

Well I'll have to make a lot of packages then:


That sounds to me, to be quite a lot of unnecessary packages.

> It is not the real things, but closer than removing packages, because
> it last after installation.(your scheme does not prevend etcpassoire too
> be installed after task-harden)
> (the real thing woud be to have a handful of packages 
> harden-conflict-brokenmailer,harden-conflict-etcpassoire,
> harden-conflict-trivialtohackftpd etc... that each conflicts with the
> named package, but it lead to half dozen stupid virtual package more.)
> Also consider how works task-packages:

Well I have changed task-harden to harden because it is not a real task
package. Task packages should not conflict anything. Tasksel does not
support that though (as I have heard).

> It is an empty package.  We install it. We got all the Depended, Recommended
> packages.  Afterward we can remove it safely, without affecting these packages.
> So if tasken-harden conflicts with easyr00ted and  I really need/want
> easyr00ted, I can remove task-harden after it has been successfully installed
> and install easyr00ted.
> If too many people object that conflict in task package are evil, then 
> use an intermediate package as described above.

The thing is that sometimes it is better to have a package installed
than to remove it. For example the *flaws packages can change on the
way. And if you do not note the REMOVE line when using apt and/or
dselect you will suddenly have some packages removed. And that can
be a bad thing if used on a production server. I have had quite a lot
complains about that.

But that is not the most informative part. Sometimes I want to ask
the user if he/she want the package installed and inform about the
risks. Information is a good part of securing the server.


// Ola

> HTH,
> Bill. <ballombe@debian.org>
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Björnkärrsgatan 5 A.11   \
|  opal@lysator.liu.se                 584 36 LINKÖPING         |
|  +46 (0)13-17 69 83                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /

Reply to: