[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Safer package installation


	May I remind people that Debian does not depend on any
 de-install scripts written by package developers, which could have
 bugs and throw the whole system into chaos (which is just one of the
 reasons behind the desire to have a secure package installation).

	So, deinstallation on Debian is already a snap. (Or in any
 case, no worse than the remove symlinks method would be. May I point
 out that the simplistic find /remove process is itself a security
 loophole; but doubtless an actual implementation could try taking
 care of that.)

	IMHO, dpkg provides most of the security functionality that
 the "install under /opt and then symlinc into normal areas" would.

	What do we really gain? You are in effect asking us to change
 the core of what is our package management system; you have to
 demonstrate your method is actually more secure than dpkg (I admit,
 the current default of having --force turned on is bad, but the
 default can be changed).

	You don't yet have a prima faecie case

 who has been watching Perry Mason re-runs.
 Never simply say, "Sorry, we don't have what you are looking for."
 Always say, "Too bad, I just sold one the other day."  -- Robert
Manoj Srivastava               <url:mailto:srivasta@acm.org>
Mobile, Alabama USA            <url:http://www.datasync.com/%7Esrivasta/>

Reply to: