Re: setuid/setgid binaries contained in the Debian repository.
On Fri, Aug 01, 2003 at 11:39:24PM -0500, Manoj Srivastava wrote:
> You are now talking about putting things into policy that
> require maintainerrs to change program behaviour to attain similar
> functionality and features; and all the examples you quote are about
> packaging details that are under our control completely.
No, we are talking about recommending that developers discuss with other
developers before making a change to their package which is likely to affect
the security of every system where the package is installed. File
permissions and program privileges are clearly a packaging matter. What is
the nature of your objection?