[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

--no-run option (was: Re: red worm amusement)

On Sun, 22 Jul 2001, Steven Barker wrote:

> I think that there should be a way to install a debian server packages
> without having the installation scripts start the server.  This need not be
> default, but it should be possible.

Why should anyone want to install a server without letting it run?

The standard-config is normally sane, and when you do not think so, place
another config-file there before installing it. ( If you are that paranoic
you should not only do ar -x xxx.deb ; tar -xzf data.tgz etc/configfile ,
but also check the whole package before installing it).

> would download, install and configure apache, but not run it.  When the
> sysadmin was satisfied with the configureation files, etc, then update-rc.d
> and such could be run by hand (or by another call to apt-get/dpkg with
> another flag).

Not adding rc.d-Links is really ridicilous. If you have an computer, that
justs boots after installing without the chance to change links, than you
should plug-out the network-cable so or so.

> This would have to be both a policy change and a technical change in apt
> and/or dpkg.  I think it would be a good compromise between security and the
> simplicity of apt-get install foo.

I do not see a nesecarity for it. Though if you want to supply patches to
carry an --no-run in dpkg to some environment-variable to the script and
and patch to dh_xxx to check this, go ahead, but there are important and
senseful thing to do.

  Bernhard R. Link

Reply to: