Re: opposition against clamav-data in debian volatile

To: Javier Fernandez-Sanguino <jfs@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: opposition against clamav-data in debian volatile
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 22 Sep 2009 12:21:33 +0000
Message-id: <[🔎] 8763bbgofm.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] f3c99a80909220513s4a42c585n8aa1755dbc232e6a@mail.gmail.com> (Javier Fernandez-Sanguino's message of "Tue, 22 Sep 2009 14:13:38 +0200")
References: <[🔎] 20090917230205.48fd6e67.michael.s.gilbert@gmail.com> <[🔎] 8e2a98be0909180724m4121bcefo247a243b58ebacb1@mail.gmail.com> <[🔎] 4AB3A50B.8040201@gmail.com> <[🔎] slrnhb7bcn.uej.trash@kelgar.0x539.de> <[🔎] E1MovNj-00032x-Lf@swivel.zugschlus.de> <[🔎] slrnhb9vhh.5q0.trash@kelgar.0x539.de> <[🔎] E1MpNut-0004CJ-QR@swivel.zugschlus.de> <[🔎] 4AB645F5.6070605@debian.org> <[🔎] E1MpRcN-0006zu-WD@swivel.zugschlus.de> <[🔎] 20090920212830.GA813@khazad-dum.debian.net> <[🔎] f3c99a80909220513s4a42c585n8aa1755dbc232e6a@mail.gmail.com>

* Javier Fernandez-Sanguino:

> This really sounds like there is a "use case" for data-only
> "packages" that:

Is clamav-data really data-only?  Other AV software ships some sort of
code even in signature updates (as opposed to engine updates).

> - do not include maintainer scripts (dpkg refuses to run them) or are
> only allowed a set of limited tasks (run in a restricted shell or with
> reduced privileges)
>
> - are only allowed to write in a specific place on disk (such as
> /var/lib/<packagename>)
>
> Wouldn't that reduce the problems surrounding clamav-data and other
> frequently-updated data packages?

It would mean that APT and dpkg have to deal with untrusted data in
many more places.  Not a good idea, IMHO.

Reply to:

References:
- Re: Packages that download/install unsecured files
  - From: Michael S Gilbert <michael.s.gilbert@gmail.com>
- Re: Packages that download/install unsecured files
  - From: Michael S Gilbert <michael.s.gilbert@gmail.com>
- Re: Packages that download/install unsecured files
  - From: Tom Feiner <feiner.tom@gmail.com>
- Re: Packages that download/install unsecured files
  - From: Philipp Kern <trash@philkern.de>
- opposition against clamav-data in debian volatile (was: Packages that download/install unsecured files)
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: opposition against clamav-data in debian volatile (was: Packages that download/install unsecured files)
  - From: Philipp Kern <trash@philkern.de>
- Re: opposition against clamav-data in debian volatile (was: Packages that download/install unsecured files)
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: opposition against clamav-data in debian volatile
  - From: Luk Claes <luk@debian.org>
- Re: opposition against clamav-data in debian volatile
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: opposition against clamav-data in debian volatile
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: opposition against clamav-data in debian volatile
  - From: Javier Fernandez-Sanguino <jfs@debian.org>

Prev by Date: Re: opposition against clamav-data in debian volatile
Next by Date: Re: Automatic ITP closing.
Previous by thread: Re: opposition against clamav-data in debian volatile
Next by thread: Re: opposition against clamav-data in debian volatile
Index(es):
- Date
- Thread