--no-run option (was: Re: red worm amusement)
On Sun, 22 Jul 2001, Steven Barker wrote:
> I think that there should be a way to install a debian server packages
> without having the installation scripts start the server. This need not be
> default, but it should be possible.
Why should anyone want to install a server without letting it run?
The standard-config is normally sane, and when you do not think so, place
another config-file there before installing it. ( If you are that paranoic
you should not only do ar -x xxx.deb ; tar -xzf data.tgz etc/configfile ,
but also check the whole package before installing it).
> would download, install and configure apache, but not run it. When the
> sysadmin was satisfied with the configureation files, etc, then update-rc.d
> and such could be run by hand (or by another call to apt-get/dpkg with
> another flag).
Not adding rc.d-Links is really ridicilous. If you have an computer, that
justs boots after installing without the chance to change links, than you
should plug-out the network-cable so or so.
> This would have to be both a policy change and a technical change in apt
> and/or dpkg. I think it would be a good compromise between security and the
> simplicity of apt-get install foo.
I do not see a nesecarity for it. Though if you want to supply patches to
carry an --no-run in dpkg to some environment-variable to the script and
and patch to dh_xxx to check this, go ahead, but there are important and
senseful thing to do.
Bernhard R. Link