Bug#1056736: smartmontools: please do not force people to use update-smart-drivedb and install foreign code

2023-11-27 Christoph Anton Mitterer
On Sun, 2023-11-26 at 15:52 +1100, Dmitry Smirnov wrote:
> https://salsa.debian.org/debian/smartmontools/-/commit/625f38bc

Thanks :-) And sorry again for the noise and not having checked --install in detail before reporting.

Cheers,
Chris

2023-11-27 Christoph Anton Mitterer
Hey Paul.

On Sun, 2023-11-26 at 11:01 +0800, Paul Wise wrote:
> BTW Chris, I imagine you might have some issues for this page:
>
> https://wiki.debian.org/PrivacyIssues

In which respect? AFAICS that page is mainly about privacy (in the sense of calling home). My main concern is rather

2023-11-25 Dmitry Smirnov
On Sunday, 26 November 2023 12:39:09 PM AEDT Christoph Anton Mitterer wrote:
> Nevertheless, do you think it would be possible to adapt it to check
> whether update-smart-drivedb is executable and if not fall back to the
> old code?
>
> Background is that at the university cluster I administrate we

2023-11-25 Paul Wise
On Sun, 2023-11-26 at 12:23 +1100, Dmitry Smirnov wrote:
> On Sunday, 26 November 2023 4:56:03 AM AEDT Christoph Anton Mitterer wrote:
> > Even if the downloader tool does everything right (which is actually quite
> > difficult if one assumes things like replay or blocking attacks), there's
> >

2023-11-25 Paul Wise
On Sun, 2023-11-26 at 02:39 +0100, Christoph Anton Mitterer wrote:
> Nevertheless, do you think it would be possible to adapt it to check
> whether update-smart-drivedb is executable and if not fall back to the
> old code?

This seems reasonable to me. I would also suggest using --quiet in the

2023-11-25 Christoph Anton Mitterer
Control: severity -1 normal
Control: tags - security

Hey.

On Sun, 2023-11-26 at 12:23 +1100, Dmitry Smirnov wrote:
> I think you misunderstood that invocation of `update-smart-drivedb`
> in postinst is an equivalent of
>
> ```
> cp -f /usr/share/smartmontools/drivedb.h
>

2023-11-25 Dmitry Smirnov
On Sunday, 26 November 2023 4:56:03 AM AEDT Christoph Anton Mitterer wrote:
> The most recent upgrade forces people to use
> update-smart-drivedb by doing it already in the postinst and not leaving it
> up to the user whether he wants to use such a tool.
>
> Security-wise this is really a bad

2023-11-25 Paul Wise
On Sat, 25 Nov 2023 18:56:03 +0100 Christoph Anton Mitterer wrote:
> The most recent upgrade forces people to use
> update-smart-drivedb by doing it already in the postinst and not leaving it
> up to the user whether he wants to use such a tool.
>
> Security-wise this is really a bad idea.
>
>

2023-11-25 Christoph Anton Mitterer
If you really insist on having that functionality, wouldn't it be anyway better to:
- Add a systemd.timer that regularly (perhaps weekly?) calls update-smart-drivedb instead of doing it only once in postinst, where it's unlikely to be of much use, because the package was just upgraded, so

2023-11-25 Christoph Anton Mitterer
Package: smartmontools
Version: 7.4-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team

Hey.

The most recent upgrade forces people to use update-smart-drivedb by doing it already in the postinst and not leaving it up to the user whether he wants