From: [EMAIL PROTECTED]
> A. How can one install debian packages without giving superuser
> privelages to the person who assembled the package?
Currently, you can not do so. This might be desirable for some restricted
set of packages that do not need any privileges. It is useless for "system"
packages, as root comes along and runs the programs in the package once you
have installed them. Even in the case of programs that root never runs,
users come along and run those programs, and the programs can then wreak
havoc with the user's files and directories, and perhaps even use the user's
privileges to leverage their way up to root privilege.
While unprivileged packages are interesting, I think we should also consider
how to verify that a Debian package comes from a trusted source. This may
include verifying the identity of the package maintainer, and tracing the
original source back to its author. We have discussed these security issues
quite thoroughly, and we are working on them.
> B. How can one cleanly remove a debian package?
> C. How can one cleanly remove a debian package that failed to install?
dpkg -r package-name
> I think the answers to these questions are serious enough to decide
> whether Debian linux will grow or die.
Actually, they are serious enough to decide if some number of people will
remove Debian from their systems and replace it with something else before
the Debian maintainers themselves become interested enough in these issues
to change them. Debian has reached the point where its growth does not hinge
upon technical features like the ones above so much as its user and
developer community.
Thanks
Bruce
--
Bruce Perens K6BP [EMAIL PROTECTED] 510-215-3502
Finger [EMAIL PROTECTED] for PGP public key.
PGP fingerprint = 88 6A 15 D0 65 D4 A3 A6 1F 89 6A 76 95 24 87 B3
