Submitted application/vnd.debian.binary-package to the IANA.

To: debian-devel@lists.debian.org
Subject: Submitted application/vnd.debian.binary-package to the IANA.
From: Charles Plessy <plessy@debian.org>
Date: Sun, 6 Apr 2014 14:57:07 +0900
Message-id: <[🔎] 20140406055707.GC15710@falafel.plessy.net>
In-reply-to: <20140323025911.GC20063@aqwa.igloo> <rt-4.0.8-2929-1396761281-1155.754162-3-0@icann.org>

Hello everybody,

I eventually submitted the media type application/vnd.debian.binary-package to
the IANA via their on-line form <http://www.iana.org/form/media-types>, see
below for details.

Have a nice week-end,

-- Charles

----- Forwarded message from IANA MIME Requests via RT <iana-mime@iana.org> -----

Date: Sun, 6 Apr 2014 05:14:41 +0000
From: IANA MIME Requests via RT <iana-mime@iana.org>
To: plessy@debian.org
Subject: [IANA #754162] AutoReply: Request for MIME media type Application/Vendor Tree -
	vnd.
Reply-To: iana-mime@iana.org
Message-ID: <rt-4.0.8-2929-1396761281-1155.754162-3-0@icann.org>

To whom it may concern:

This is an automatically generated message to notify you that we have
received your request, and it has been recorded in our ticketing
system with a reference number of 754162. To check the status
of your request, please see:

https://tools.iana.org/ticket-status/app

If you have any problems accessing this page, please contact
iana@iana.org.

There is no need to reply to this message right now. IANA staff will
review your message shortly.

If this message is in reply to a previously submitted ticket, it is 
possible that the previous ticket has been marked as closed. As we 
review this ticket, we will also review previous correspondence and 
take appropriate action.

To expedite processing, and ensure our staff can view the full history 
of this request, please make sure you include the follow exact text in
the subject line of all future correspondence on this issue:

         [IANA #754162]

You can also simply reply to this message, as this tag is already in 
the subject line.

Thank you,

The Internet Assigned Numbers Authority
iana-mime@iana.org

-------------------------------------------------------------------------

Name : Charles Plessy

Email : plessy@debian.org

MIME media type name : Application

MIME subtype name : Vendor Tree - vnd.debian.binary-package

Required parameters : None.

Optional parameters : 
None.

Encoding considerations : binary


Security considerations : 
Debian binary packages can contain scripts executing arbitrary commands during
installation, which is done with administrator privileges.  It is therefore
essential to trust the origin of the package.  The recommended way is to
download packages from Debian format repositories that are authenticated with a
trusted cryptographic key (see the manual page of apt-secure for details).  As
a lesser alternative for cases where secure package manager frontends (such as
APT, cupt, etc.) are not available, the package should be downloaded with
secured protocols such as HTTPS.  There also exists a mechanism for signing
packages directly (called ‘debsigs’), but it is not deployed.

The Debian binary package consists of an ‘ar’ archive (in old common format)
containing, amongst other things, compressed tar archives for the primary
package contents such as the files to be installed (see the ‘deb’ manual page
for details on the format); it is therefore possible to inspect them with
standard UNIX tools (although the recommended way is through the command
‘dpkg-deb’) without actually installing the package and therefore without
executing the package's scripts.  An estimate of the uncompressed size of the
package may be available in its ‘control’ file, but it can only be trusted if
the package itself is trusted (a malicious person can design a package
containing small compressed files that become extremely large after
decompression).

Since the Debian packages convey programs to be installed on a computer,
the monitoring of a user's downloads over non-secured transport protocols such
as HTTP or FTP may reveal information pertaining to the user's privacy, or
suggest information related to the system's security such as the precise
version numbers of programs in use.

Interoperability considerations : 
Arbitrary Debian binary packages can be installed on any system where the
‘dpkg’ package manager is used, but it is recommended to only install packages
that have been built for a release matching the distribution installed on the
system.

Published specification : 
http://manpages.debian.org/cgi-bin/man.cgi?query=deb&manpath=Debian+unstable+sid

Applications which use this media : 
The Debian binary packages are manipulated by system programs such as ‘dpkg’,
‘apt-get’, graphical front-ends such as ’Synaptic’ but also generic archive
decompressors such as ‘File Roller’.  After downloading a package with a web
browser or after clicking on its icon, front-ends or decompressors are usually
started.

Fragment identifier considerations :
None.

Restrictions on usage :
None.

Provisional registration? (standards tree only) :
Not applicable


Additional information :

1. Deprecated alias names for this type : application/x-debian-package, application/x-deb
2. Magic number(s) : Version 2.0 files start with: !<arch>\ndebian-binary
3. File extension(s) : deb, udeb
4. Macintosh file type code : None.
5. Object Identifiers: None.



Person to contact for further information :

1. Name : The Debian Policy mailing list
2. Email : debian-policy@lists.debian.org

Intended usage : Common
Common

Author/Change controller : The Debian Project <http://www.debian.org>



----- End forwarded message -----

Reply to:

Prev by Date: Re: Does partial upgrade between stable and testing must be supported ?
Next by Date: Re: default messaging/VoIP client for Debian 8/Jessie
Previous by thread: Bug#743753: ITP: python-posix-ipc -- semaphores, shared memory and message queues
Next by thread: Bug#743819: ITP: sysdig -- system-level exploration and troubleshooting tool
Index(es):
- Date
- Thread