Hi, On Wed, Dec 18, 2002 at 08:38:53PM +0100, Joachim Breitner wrote: > Hi, > > Am Mit, 2002-12-18 um 20.23 schrieb Emile van Bergen: > > > This could be worked around by storing the downloaded lists in the > > > home directory of the current user -- although that has a different > > > drawback (they would have to re-download the updated lists in the "real" > > > package manager, which is a bit confusing) > > > > True, but perhaps for some people preferrable over having a suid part > > and automatically overwriting the apt lists. Anyway, its your call ;-) > > I'd suggest to give the user the choice via debconf. Either he wants to > run it with a part setuid'ed and have the full features, or he wants > security and does not allow the setuid part, allowing the applet only to > show new packages, but not perform any action (so that he can examine > that stuff like usual with apt-get -u or apt-show-versions or whatever > he does before apt-get upgrade). After second thought, I think my idea of downloading the apt lists somewhere else and then having to do it again /is/ confusing, as Daniel said, and time consuming if you don't have a fast link. What I'd ask via debconf instead is a choice between either 1. showing the information as given by Hit/Ign/Get, i.e. without downloading the full lists, which is fast, easy and doesn't require root privileges (at least theoretically not), accepting the drawback that you also see updates for packages you don't have installed, or 2. doing the equivalent of putting apt-get update in your crontab, using the suid wrapper. Cheers, Emile. -- E-Advies / Emile van Bergen | emile@e-advies.info tel. +31 (0)70 3906153 | http://www.e-advies.info
Attachment:
pgpAilL4aETOW.pgp
Description: PGP signature