Matthias Schwarzott <[EMAIL PROTECTED]> posted [EMAIL PROTECTED], excerpted below, on Wed, 20 Jun 2007 15:15:20 +0200:
> On Mittwoch, 20. Juni 2007, Olivier CrĂȘte wrote: >> >> I will claim that almost any file in /etc is potentially sensitive >> (even if it does not contain passwords, if may contain other >> informations interesting to a cracker). And even if we did what you >> propose, we'd run the risk of missing some and giving the user a false >> sense of security. >> >> Maybe we should document somewhere that the only way to make bin pkg >> that are safe for public distribution is to do emerge -b or -B .. And >> that pkgs built with quickpkg may contain sensitive information. > > If there is smart conf-file updating inside pkg_preinst(), I think even > emerge -b could be unsafe. If so, then something is broken. pkg_preinst is for stuff done to the /live/ file system (as opposed to the fake install, which is what's packaged), according to the ebuild (5) manpage. As such, it should be done when the binary package is actually merged (qmerged), since said binary package may be (and often is) installed to a system other than the one it was compiled on. If pkg_preinst is modifying as-shipped bin-pkg config files based on the "live" filesystem of the build system, not the target system, something's seriously broken. If it's not, then it's not unsafe after all, at least not in this context. In this regard, -b/-B behavior should be identical. -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman -- [EMAIL PROTECTED] mailing list
