On Wed, Sep 03, 2008 at 10:27:02AM +0200, Holger Levsen wrote:

> I read in this bugreport that it would be a good idea to use debtags to 
> indicate whether a package installs remotely accessible services or not. (The 
> other modifications suggested in this bugreport are mostly prohibited by 
> policy)
> 
> Does such a tag exist? If so, please close this bugreport, if not, please 
> create one :-)

Enrico pointed out to me that this request is a bit like the Android app
permission system, where before you install a package you are told what
kind of things it may do to you or your device.

I think the comparison is very useful in framing this request in a more
understandable situation.

I could easily add a new set of tags to debtags to represent this
information, but if there is no enforcing of those tags, then the
information would be useless.

What I mean is: if there was a way not to allow a package to listen to
external interfaces unless it had a "permission::listen-external" tag,
then the system would work. But without being able to enforce the tag
that way, there is no way to guarantee that a package NOT having the tag
isn't actually listening to an external interface. Therefore even if I
added the tags, they would be useless.

Without some other form of enforcement, Debtags cannot be used for
scenarios in which NOT having a tag conveys useful information.
With something like permissions, not having a tag is as important a
piece of information as having it.

Maybe when SELinux or similar things are more mainstream, one can
enable specific policies for a package based on declared needs? But then
that would be needed on a binary-by-binary basis, not a
package-by-package basis.

I agree that what gambarimasu requested would be a great addition to
Debian, but I cannot see a way for it to happen anytime soon. It's
certainly not something I can address with Debtags.

I'll mark this bug wontfix; feel free to remove the wontfix tag and
reassign it to some more useful place, if you can think of one.


Ciao,

Enrico

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <[email protected]>
