Jörg — a friendly reminder that this pull request is ready for review. (See the bottom of this message).
Please refer to our earlier discussion below; I have added a comment. On Mon, 07 Feb 2022 at 19:17:48 -0500, David Ward wrote: > On Mon, 07 Feb 2022 at 23:35:49 +0100, Jörg Frings-Fürst wrote: > > On Mon, 07 Feb 2022 at 03:09:25 -0500, David Ward wrote: > > > saned is a daemon used to share scanners over the network. > > > > > > This belongs in its own package. Users should be able to install > > > and run the other command-line utilities — in particular, > > > scanimage — without installing saned (even if it is disabled). > > > This is analogous to cupsd, which is provided in a separate > > > package from the rest of CUPS. > > > > > > As with any daemon, there is an attack surface with saned [*]. > > > Also note that there are Debian-based containers which make use of > > > scanimage but not saned, and these could benefit from having them > > > in separate packages. > > > > > > > > > I would suggest this be achieved as follows: > > > > > > 1) move all files related to saned out of "sane-utils", and into a > > > new package named "sane-dameon"; > > > 2) move all remaining files out of "sane-utils", and into a new > > > package named "libsane-utils"; > > > 3) retain "sane-utils" as a virtual package that depends on both > > > packages above, to ensure upgrades work as expected. > > > > > > > > > [*] https://www.debian.org/lts/security/2017/dla-940.en.html > > > > I already thought about splitting the packages during the transition > > to libsane1. > > > > Unlike cups, which hardly makes sense without a daemon, saned is not > > absolutely necessary. > > That is exactly why we should split it out as a separate package. > > The user should be able to choose not to install saned, without that > choice preventing the user from running scanimage. I would very kindly > point out that Fedora and Red Hat do split these out as separate > packages. > > > Also, saned is not activated by default during installation. So I > > don't see any problem in the installation, even from a security > > point of view. > > That is not the reality of how organizations approach security though. > Even if the daemon is not activated, it may still be a compliance > issue to have a daemon with a known vulnerability present on the > system at all. It is best to not install daemons that are never used, > in order to reduce the amount of time spent applying security updates > to unused software. In the Securing Debian Manual, section 3.6 — "Install the minimum amount of software required" — explains this using the same reasoning. https://www.debian.org/doc/manuals/securing-debian-manual/ch03s06.en.html "Since you already know what the system is for (don't you?) you should only install software that is really needed for it to work. Any unnecessary tool that is installed might be used by a user that wants to compromise the system or by an external intruder that has gotten shell access (or remote code execution through an exploitable service)." > This also did not address my point about Debian-based Docker > containers which use scanimage, such as scanservjs. Containers often > try to include only the minimum software required, and typically they > do not even have systemd or any init system. Can you please review the pull request below? (See the "Merge workflow" described in gitworkflows(7): to apply these changes, you can simply run "git pull https://salsa.debian.org/dpward/sane-backends.git develop".) Thank you, David -- The following changes since commit fc21048b997b1515a98c5c26fbf2501bdab207f1: Merge tag 'debian/1.1.1-4' into develop (2022-02-28 08:16:14 +0100) are available in the Git repository at: https://salsa.debian.org/dpward/sane-backends.git develop for you to fetch changes up to b8466bacadf79f655b69b4ca8c03a9aef103a05f: Split sane-utils package into sane-daemon and libsane-utils (2022-03-10 17:30:08 -0500) ---------------------------------------------------------------- David Ward (6): Remove remaining support for RUN parameter in sysvinit service d/rules: Replace override_dh_installman-* with explicit file lists d/rules: Use override_dh_auto_install-arch for removing rpaths d/*.README.Debian: Fix references to the libsane1 package d/*.README.Debian: Adjust to reflect current permissions Split sane-utils package into sane-daemon and libsane-utils
