Hello David,
thank you for spending your time helping to make Debian better with this bug report. I already thought about splitting the packages during the transition to libsane1. Unlike cups, which hardly makes sense without a daemon, saned is not absolutely necessary. Also, saned is not activated by default during installation. So I don't see any problem in the installation, even from a security point of view. As in bug #987800, I therefore see no reason for splitting. So I close this bug. CU Jörg -- New: GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D GPG key (long) : 09F89F3C8CA1D25D GPG Key : 8CA1D25D Jörg Frings-Fürst D-54470 Lieser git: https://jff.email/cgit/ Threema: SYR8SJXB Skype: joergpenguin Telegram: @joergfringsfuerst My wish list: - Please send me a picture from the nature at your home. Am Montag, dem 07.02.2022 um 03:09 -0500 schrieb David Ward: > Package: sane-utils > Version: 1.1.1-1 > > saned is a daemon used to share scanners over the networks. > > This belongs in its own package. Users should be able to install and > run the other command-line utilities - in particular, scanimage - > without installing saned (even if it is disabled). This is analogous > to cupsd, which is provided in a separate package from the rest of > CUPS. > > As with any daemon, there is an attack surface with saned*. Also note > that there are Debian-based containers which make use of scanimage > but not saned, and these could benefit from splitting it. > > > I would suggest this be achieved as follows: > > 1) move all files related to saned out of "sane-utils", and into a > new package named "sane-dameon"; > 2) move all remaining files out of "sane-utils", and into a new > package named "libsane-utils"; > 3) retain "sane-utils" as a virtual package that depends on both > packages above, to ensure upgrades work as expected. > > > Thank you, > > David > > > * https://www.debian.org/lts/security/2017/dla-940.en.html
signature.asc
Description: This is a digitally signed message part
