Hello,

On Fri, 22 Mar 2013 19:51:08 +0100
Ricardo Mones <mo...@debian.org> wrote:

> > Policy §12.3 doesn't require you to compress example scripts. It's
> > not plain text documentation, it's sample code.

> True, it only says they should be compressed. Anyway, since they're
> examples there's nothing wrong in compressing them to save space as
> policy recommends.

In fact, the Policy says nothing about compressing examples at all
(see §12.6).

> > > And this also makes you sure you don't have a random executable
> > > script in /usr/share/doc ready to be exploited.

> > Don't put random executable scripts into /usr/share/doc then.

> They're not executable:

Well, actually that would be good if they were. Anyway, if they were
uncompressed, I could at least run them as
'sh /usr/share/doc/.../...sh' or something like that.

What I actually meant is this:

i) If the package maintainer puts scripts into the package, he at
least checked that they're fine and 'not random'.

ii) As those scripts are in a separate package, and I install it
deliberately, I *do* want to run them without any annoying extra
operations. Otherwise why do I need the package at all? I could have
downloaded those scripts myself then.

iii) Those scripts aren't more exploitable than rm, for example, or
wget. Both can do lots of harm if exploited properly. But considering
(i) and (ii) this isn't of much importance at all.

-- 
WBR, Andrew