[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: softbeep (updated package)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -=| Thijs Kinkhorst, 27.01.2007 19:11 |=-
> On Sat, 2007-01-27 at 00:08 +0100, Florent Rougon wrote:
>>> IMHO, this is something that makes 3.7.2.0 and 3.7.2.2 two non-equal
>>> Policy versions. I wonder why wasn't this 3.7.3.0 instead?
>> Hmmm... maybe because the "should" in 3.7.2.0 was actually obviously a
>> "must" for security reasons?
> 
> Exactly... since it's plain stupid to have these files world-writable,
> it is a "bug" in the text that it was not written that way, not a change
> of what you should do. You should already not make these world-writable
> of course.

Sure.

I simply wondered how s/should/must/ can be considered editorial change,
as "should" presents a recommendation, as "must" states a strict rule.

I didn't find any lintian check on this matter so how can you tell what
part of the archive is affected? With "editorial" revision maintainers
may not be aware of the problem.

Of course, I very much hope that the count of packages with
world-writeable maintainer scripts is zero, but would like to be sure.
Making the change non-"editorial" and implementing a check in lintian
would help towards this. I'll file a bug for lintian these days.


	dam
- --
Damyan Ivanov                           Modular Software Systems
dam@modsoftsys.com
phone +359(2)928-2611, 929-3993              fax +359(2)920-0994
mobile +359(88)856-6067                  dam@jabber.minus273.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFvHuDHqjlqpcl9jsRAlCOAKCXTMWJIB8RLjbxljh94ui6hQejlACcCpL8
oVf3uxbOEHkexh36QxHOvpk=
=5U0K
-----END PGP SIGNATURE-----
Reply to: