Re: Merging libnss-dns-udeb and libnss-files-udeb back into libc6-udeb
On Sun, Mar 13, 2016 at 02:26:26AM +0100, Aurelien Jarno wrote:
> For historical reason, disk space on boot floppies, the libnss_dns.so.2
> and libnss_files.so.2 libraries are in separate udeb packages, namely
> libnss-dns-udeb and libnss-files-udeb. This is not the case of the deb
> package, where everything is in the libc6 package.
>
> In practice these libraries are really small by nowadays standards (22kB
> and 47kB uncompressed), and moreover libnss-dns-udeb is already included
> in all images. In addition these libraries are tightly coupled to the
> libresolv library which is in libc6-udeb. The recent CVE-2015-7547 has
> shown that, and Ubuntu hit a bug by having the two out of sync in their
> installer [1]. We would have got the same if debian-installer was pulling
> its udeb from debian-security.
>
> That's why I would like to propose to merge back libnss-dns-udeb and
> libnss-files-udeb back into libc6-udeb. The idea is to make libc6-udeb
> to provide them, it seems udpkg supports that. The only packages having
> a dependency on libnss-files-udeb are espeakup-udeb, rdnssd-udeb,
> open-iscsi and openssh-client-udeb, and none of them has a versioned
> dependency. None of the udeb have a dependency on libnss-files-udeb.
>
> Any opinion on that?
It sounds like a good idea to me. :)
Kind regards
Philipp Kern
Reply to: