Bug#677834: writes to /usr/share/jed/lib during postinst

2013-11-25 Thread Marc Haber
On Mon, Jun 18, 2012 at 10:52:36AM +0200, Guenter Milde wrote:
  I am not sure whether this is a policy violation, but it is most
  probably a surprise for most users. In Debian I expect all files under
  /usr to come from packages, and thus be static. This is not the case
  for the *.slc files that are written to /usr/share/jed/lib during
  postinst with a call to /usr/share/jed/compile/jed-common install.
 
 The *.slc files are byte-compiled versions of the corresponding *.sl files in
 the packages jed-common and jed-extra.
 
 Placing them alongside the sources is common practice and prevents
 surprises when customizing the editor (using a custom jed-library-path,
 using drop-in replacements from jed-extra or locally installed).

It might be easy for packaging, but is confusing for users. One
usually expects that dpkg --search is able to give an owner for every
file under /usr sans /usr/local.

 The same scheme is used by Python-2 packages: the generated *.pyc files are
 stored alongside the *.py source under usr/lib/...

python-support tries hard to place those files in /var, but not all
packages do already use it.

  In my expectations, such files should be in /var/lib since they're
  variable data and not registered with the packaging system.
 
 The byte-compiled files are no more variable than the rest of the
 package, as they are only generated/deleted when the package is
 (de)installed or updated.

But they do not originate from a package, cannot have their checksum
verified, dpkg --search doesn't find them. All of those are usually
signs for a file that was put there in an unauthorized way, and one
cannot find out whether it was a dumb colleague, a postinst or an
attacker.

Greetings
Marc


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
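
Added example, not part of the thread or of the jed packaging: a short audit that lists files under a directory that no package claims, which is the property the message above relies on when it says `dpkg --search` cannot name an owner. It assumes dpkg's standard per-package file lists in `/var/lib/dpkg/info/*.list`; the function names and the demo tree (`site.sl`, `site.slc`) are constructed for illustration.

```python
import os
import tempfile

def load_owned_paths(info_dir):
    """Collect every path named in dpkg's per-package *.list files."""
    owned = set()
    for name in os.listdir(info_dir):
        if not name.endswith(".list"):
            continue
        list_file = os.path.join(info_dir, name)
        with open(list_file, encoding="utf-8", errors="surrogateescape") as fh:
            for line in fh:
                path = line.rstrip("\n")
                if path:
                    owned.add(os.path.normpath(path))
    return owned

def find_unowned(scan_dir, info_dir="/var/lib/dpkg/info", root="/"):
    """Return files under scan_dir that appear in no package's file list.

    root lets the audit run against a mounted image or a test tree;
    reported paths are always given as they would appear on the live system.
    """
    owned = load_owned_paths(info_dir)
    unowned = []
    top = os.path.join(root, scan_dir.lstrip("/"))
    for dirpath, _dirs, files in os.walk(top):
        for fname in files:
            full = os.path.join(dirpath, fname)
            logical = "/" + os.path.relpath(full, root)
            if logical not in owned:
                unowned.append(logical)
    return sorted(unowned)

def build_demo_tree(base):
    """Constructed sample: one packaged .sl file plus a generated .slc beside it."""
    lib = os.path.join(base, "usr/share/jed/lib")
    info = os.path.join(base, "var/lib/dpkg/info")
    os.makedirs(lib)
    os.makedirs(info)
    for name in ("site.sl", "site.slc"):
        open(os.path.join(lib, name), "w").close()
    with open(os.path.join(info, "jed-common.list"), "w") as fh:
        fh.write("/usr/share/jed/lib\n/usr/share/jed/lib/site.sl\n")
    return info

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        info = build_demo_tree(base)
        print(find_unowned("/usr/share/jed/lib", info, root=base))
```

On a real system, `find_unowned("/usr/share/jed/lib")` reads the live dpkg database; the result cannot distinguish a postinst-generated file from any other unlisted file, which is the ambiguity the report describes.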



Bug#677834: writes to /usr/share/jed/lib during postinst

2013-11-25 Thread Wookey
+++ Marc Haber [2013-11-25 09:10 +0100]:
 On Mon, Jun 18, 2012 at 10:52:36AM +0200, Guenter Milde wrote:
   I am not sure whether this is a policy violation, but it is most
   probably a surprise for most users. In Debian I expect all files under
   /usr to come from packages, and thus be static. This is not the case
   for the *.slc files that are written to /usr/share/jed/lib during
   postinst with a call to /usr/share/jed/compile/jed-common install.
  
  The *.slc files are byte-compiled versions of the corresponding *.sl files in
  the packages jed-common and jed-extra.
  
  Placing them alongside the sources is common practice and prevents
  surprises when customizing the editor (using a custom jed-library-path,
  using drop-in replacements from jed-extra or locally installed).
 
   In my expectations, such files should be in /var/lib since they're
   variable data and not registered with the packaging system.
  
  The byte-compiled files are no more variable than the rest of the
  package, as they are only generated/deleted when the package is
  (de)installed or updated.
 
 But they do not originate from a package, cannot have their checksum
 verified, dpkg --search doesn't find them. All of those are usually
 signs for a file that was put there in an unauthorized way, and one
 cannot find out whether it was a dumb colleague, a postinst or an
 attacker.

You are quite right that it would be nicer for these files to be under
/var. However, the current state has presumably been true for over a
decade so this is not a new problem, and the jed packages are now in
life-support maintenance mode. So, whilst fixing this would be nice, I'm
not sure anyone is really going to make the effort to change the way
this works at the late stage in the packages' life.

If you/someone supplies good patches then this can get fixed, otherwise
it'll probably stay as it is.

Wookey
-- 
Principal hats:  Linaro, Emdebian, Wookware, Balloonboard, ARM
http://wookware.org/





Bug#677834: writes to /usr/share/jed/lib during postinst

2013-11-25 Thread Marc Haber
On Mon, Nov 25, 2013 at 11:16:11AM +, Wookey wrote:
 the jed packages are now in
 life-support maintenance mode.

Why? I don't feel that jed is dead? Why should it be dead?

Greetings
Marc

-- 
-
Marc Haber | I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things.Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062





Bug#677834: writes to /usr/share/jed/lib during postinst

2013-11-25 Thread Guenter Milde
On 25.11.13, Marc Haber wrote:
 On Mon, Nov 25, 2013 at 11:16:11AM +, Wookey wrote:
  the jed packages are now in
  life-support maintenance mode.

 Why? I don't feel that jed is dead? Why should it be dead?

It seems my mails to the people doing the last non-maintainer update went
unnoticed or got missed. This led to the impression that there is no
maintainer left. I.e. while Jed is not dead, packaging for Debian is
threatened.

Günter





Bug#677834: writes to /usr/share/jed/lib during postinst

2013-11-25 Thread Marc Haber
On Mon, Nov 25, 2013 at 05:53:51PM +0100, Guenter Milde wrote:
 On 25.11.13, Marc Haber wrote:
  On Mon, Nov 25, 2013 at 11:16:11AM +, Wookey wrote:
   the jed packages are now in
   life-support maintenance mode.
 
  Why? I don't feel that jed is dead? Why should it be dead?
 
 It seems my mails to the people doing the last non-maintainer update went
 unnoticed or got missed. This led to the impression that there is no
 maintainer left. I.e. while Jed is not dead, packaging for Debian is
 threatened.

You, Guenter, are listed as uploader, so there is an active
maintainer. I have not read from Jörg in some time, yes. The last
non-maintainer upload was done by gregor hermann, but why do you need
to get in touch with him?

Greetings
Marc

-- 
-
Marc Haber | I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things.Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062





Bug#677834: writes to /usr/share/jed/lib during postinst

2012-06-18 Thread Guenter Milde
On 17.06.12, Marc Haber wrote:
 Package: jed-common
 Version: 1:0.99.19-2.1
 Severity: normal

 I am not sure whether this is a policy violation, but it is most
 probably a surprise for most users. In Debian I expect all files under
 /usr to come from packages, and thus be static. This is not the case
 for the *.slc files that are written to /usr/share/jed/lib during
 postinst with a call to /usr/share/jed/compile/jed-common install.

The *.slc files are byte-compiled versions of the corresponding *.sl files in
the packages jed-common and jed-extra.

Placing them alongside the sources is common practice and prevents
surprises when customizing the editor (using a custom jed-library-path,
using drop-in replacements from jed-extra or locally installed).

The same scheme is used by Python-2 packages: the generated *.pyc files are
stored alongside the *.py source under usr/lib/...

 In my expectations, such files should be in /var/lib since they're
 variable data and not registered with the packaging system.

The byte-compiled files are no more variable than the rest of the
package, as they are only generated/deleted when the package is
(de)installed or updated.

Günter






Bug#677834: writes to /usr/share/jed/lib during postinst

2012-06-17 Thread Marc Haber
Package: jed-common
Version: 1:0.99.19-2.1
Severity: normal

I am not sure whether this is a policy violation, but it is most
probably a surprise for most users. In Debian I expect all files under
/usr to come from packages, and thus be static. This is not the case
for the *.slc files that are written to /usr/share/jed/lib during
postinst with a call to /usr/share/jed/compile/jed-common install.

In my expectations, such files should be in /var/lib since they're
variable data and not registered with the packaging system.

Greetings
Marc

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.4.2-zgws1 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages jed-common depends on:
ii  dpkg  1.16.4.2
ii  install-info  4.13a.dfsg.1-10
ii  slsh  2.2.4-13

Versions of packages jed-common recommends:
ii  jed   1:0.99.19-2.1
ii  xjed  1:0.99.19-2.1

Versions of packages jed-common suggests:
ii  jed [info-browser]1:0.99.19-2.1
ii  jed-extra [info-browser]  2.5.6-2
ii  konqueror [info-browser]  4:4.8.4-1
ii  pinfo [info-browser]  0.6.9-5.1
ii  xjed [info-browser]   1:0.99.19-2.1

-- no debconf information


