Re: opposition against clamav-data in debian volatile

* Javier Fernandez-Sanguino:
> This really sounds like there is a "use case" for data-only
> "packages" that:

Is clamav-data really data-only? Other AV software ships some sort of
code even in signature updates (as opposed to engine updates).

> - do not include maintainer scripts (dpkg refuses to run them) or are
> only allowed a set of limited tasks (run in a restricted shell or with
> reduced privileges)
>
> - are only allowed to write in a specific place on disk (such as
> /var/lib/<packagename>)
>
> Wouldn't that reduce the problems surrounding clamav-data and other
> frequently-updated data packages?

It would mean that APT and dpkg have to deal with untrusted data in
many more places. Not a good idea, IMHO.