[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#405997: should executables be permitted to update themselves?

On Sun, 14 Jan 2007 00:26:15 -0500, Michael Gilbert wrote:
> is there a policy on whether an executable is permitted to update itself?  i
> personally believe that in order to maintain the security of the system, apt
> and apt alone should be used to install software updates.  recently i
> submitted a bug on azureus about how it should not urge users to install
> updates outside of apt (http://bugs.debian.org/405997), which was quickly
> closed by the maintainer.  his reasoning was that users should be given the
> choice of using apt or the built-in updater.  was this bug handled
> correctly?

How does the azureus package work around the fact that only root can write
to the package files?

BTW, if you and the maintainer cannot agree on this you can reassign the
bug to tech-ctte, but that is really only an option of last resort. It is
better to bring the maintainer around to your point of view.

If it were up to me, I would modify azureus to merely notify that a new
upstream version is available, but disable the code that actually performs
the update. Then I would make this functionality optional and disabled by
default (one more setting in a program that already has 300 is not going
to hurt).

Sam Morris

PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078

Reply to: