Re: Bug#753704: Aw: Re: Bug#753704: ITP: amap -- Next-generation scanning tool for pentesters
On Mon, Jul 07, 2014 at 11:12:23PM -0700, Vincent Cheng wrote:
> On Mon, Jul 7, 2014 at 9:48 AM, costamagnagianfranco@yahoo.it
> <costamagnagianfranco@yahoo.it> wrote:
> >
> > Hi Steffen and all,
> >
> > today while talking with a backbox project administrator I discovered that
> > popular tools such as openvas directly calls the amap binary.
> >
> > I never talked with them, but I don't think it is feasible to ask to every
> > security tool provider to patch their code for the only debian benefit.
> >
> > I think I'm then changing again my opinion: the conflict field might be the
> > only proper way to be sure such popular tools (not packaged in debian and
> > some of them not even free) continue to work.
> >
> > Is this one a good reason for a conflict?
>
> Again, according to Policy 10.1, as well as precedent that was established by
> the CTTE decision regarding the namespace collision between ax25-node vs.
> nodejs, no, it isn't; your argument is no different from that of the nodejs
> maintainers, arguing that /usr/bin/node should be taken over by nodejs simply
> because it's already widely used by the nodejs community.
>
> If you feel strongly enough about this issue, I'd suggest filing a bug
> against debian-policy, going through the process and gathering consensus to
> change 10.1 (e.g. perhaps by weakening it to a "should" instead of a "must",
> or by proposing a carefully-worded exception to existing policy).
But just to be clear, the odds of changing policy are vanishingly small.
Rename the binary in Debian, do whatever foo is necessary to provide a PATH
that doesn't rename the binary that can be injected in the right place for
callers/environments that won't accept a renamed binary, or give up on
packaging it in Debian.
--
Jonathan Dowland
Reply to: