
Re: Packages that download/install unsecured files



On Fri, 18 Sep 2009 19:06:21 +0300, Tom Feiner wrote:
> Philipp Kern wrote:
> > On 2009-09-18, Tom Feiner wrote:
> >> Looks like this method works well for clamav-data and other similar packages
> >> which need to update databases frequently on stable/oldstable.
> > 
> > clamav-data is scheduled for deletion as soon as volatile moves onto
> > ftp-master, so that's no precedent.  (I.e. there is opposition against
> > daily builds entering the archive without real developers signing them.)
> > 
> 
> Ah, I was not aware of this. So what is the best practice in this case, where
> a package needs an updated database on a regular basis (monthly basis in case
> of geoip)?

i don't think that there is any standard at this point, and maybe the
outcome of this discussion should be a standardized solution.  my
suggestion could potentially be a one-size-fits-all solution for all of
the cases mentioned so far: antivirus updates, gps/geographical
updates, game data updates (often non-free), printer firmware updates
(often non-free), non-free font updates, non-free firmware/driver
updates, etc. anything i've missed?

however, i think that since these packages are depending on information
outside of the debian archive, most (if not all) should be hosted under
the contrib section (since users without internet access will encounter
reduced/limited functionality).  and especially for those scripts
depending on non-free external data.

mike

