
Re: opposition against clamav-data in debian volatile

* Javier Fernandez-Sanguino:

> This really sounds like there is a "use case" for data-only
> "packages" that:

Is clamav-data really data-only?  Other AV software ships some sort of
code even in signature updates (as opposed to engine updates).

> - do not include maintainer scripts (dpkg refuses to run them) or are
> only allowed a set of limited tasks (run in a restricted shell or with
> reduced privileges)
> - are only allowed to write in a specific place on disk (such as
> /var/lib/<packagename>)
> Wouldn't that reduce the problems surrounding clamav-data and other
> frequently-updated data packages?

It would mean that APT and dpkg have to deal with untrusted data in
many more places.  Not a good idea, IMHO.
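
The constraints listed in the quoted proposal, written out as a check over a package's control and data archives, to show how much untrusted archive content such a rule has to inspect. This is an added example, not part of the original thread and not dpkg or APT code; the function names, the in-memory tar layout and the sample file names used with it are assumptions.

```python
import io
import posixpath
import tarfile

# Maintainer scripts that dpkg runs from a package's control archive.
MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm", "config"}
KINDS = {"file": tarfile.REGTYPE, "dir": tarfile.DIRTYPE, "symlink": tarfile.SYMTYPE}


def check_data_only(package, control_tar, data_tar):
    """Return policy violations for a hypothetical data-only package."""
    problems = []
    allowed = "/var/lib/" + package
    with tarfile.open(fileobj=io.BytesIO(control_tar)) as tar:
        for member in tar.getmembers():
            if posixpath.basename(member.name) in MAINTAINER_SCRIPTS:
                problems.append("maintainer script: " + member.name)
    with tarfile.open(fileobj=io.BytesIO(data_tar)) as tar:
        for member in tar.getmembers():
            # Resolve "./var/lib/x/../../etc" style names before comparing.
            path = posixpath.normpath("/" + member.name.lstrip("/"))
            inside = path == allowed or path.startswith(allowed + "/")
            if member.isdir():
                # Parent directories of the allowed tree are harmless.
                if not inside and not allowed.startswith(path.rstrip("/") + "/"):
                    problems.append("directory outside tree: " + path)
            elif not member.isfile():
                # Symlinks, hard links, devices and FIFOs can redirect writes.
                problems.append("non-regular member: " + path)
            elif not inside:
                problems.append("file outside tree: " + path)
            elif member.mode & 0o6000:
                problems.append("setuid/setgid file: " + path)
    return problems


def make_tar(entries):
    """Build an in-memory tar from (name, kind, mode) tuples (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, mode in entries:
            info = tarfile.TarInfo(name)
            info.type, info.mode = KINDS[kind], mode
            if kind == "symlink":
                info.linkname = "/etc"  # constructed link target
            tar.addfile(info)  # regular files are zero-length here
    return buf.getvalue()
```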
