Package: pybridge-server
Version: 0.3.0-3
Severity: normal
It's a bit weird that pybridge-server, unlike most server programs in
Debian, doesn't supply an init script but instead requires you to run it
in the foreground.
I think it should be set up by default with an init script, which would
also require:
* Running in the background. (Personally I'd prefer this to be the
default, and for there to be a separate option to run it in the
foreground, although I imagine you'd want to take this up with
upstream.)
* Sending log messages to syslog when running in the background.
* Storing the database somewhere under /var/lib/games/ when started as
root, and the configuration somewhere in /etc/.
Running this by default would be fine from a security point of view, I
think, since we can expect that people who install pybridge-server
generally want to run it. However, running it as root will take some
care: the server should drop privileges, and perhaps just hold open a
file descriptor pointing to its database which it opens before dropping
privileges. Alternatively, you could create a pybridge user and run the
server as that user. There should be some careful thought here, and the
Debian Games Team can probably help since this is a relatively standard
set of problems for them (I'm not involved there directly).
Thanks,
--
Colin Watson [cjwat...@debian.org]
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
