Bug#888999: unbound-anchor: please move unbound-anchor from /usr/sbin to /usr/bin
Control: tag -1 + upstream Hello! On Wed, 31 Jan 2018 22:12:59 -0500 Daniel Kahn Gillmor wrote: Package: unbound-anchor Version: 1.6.7-1 Severity: wishlist the dns-root-data package's debian/rules uses unbound-anchor in its get_orig_source target. It currently specifies the path explicitly, because it shouldn't need to be run as root. This is a classic example of a program that doesn't need to be run as root living in /usr/sbin when it should live in /usr/bin. Let's let people rely on their standard $PATH without making brittle scripts. I'm fine with shipping a symlink from /usr/sbin/unbound-anchor so that we don't break existing brittle scripts, but we shouldn't encourage creation of more brittle scripts in the first place. Well yes, it appears to be that unbound-anchor does not need to be a "system" command, it is a user-callable command. But this is how upstream doe is, - and they ship unbound-anchor.8 manpage too. I don't know why it is done this way. Maybe it historically it were supposed to be run as a daemon to keep the file updated? It was definitely used by unbound itself to fetch the DNS root key, and now in Debian, dns-root-data package sits "between" unbound-anchor and the unbound daemon. Maybe we should talk with upstream for them to reconsider? I don't have an opinion here besides the fact that I want to have as few debian-specific changes as possible. Thanks, /mjt
Bug#888999: unbound-anchor: please move unbound-anchor from /usr/sbin to /usr/bin
Package: unbound-anchor Version: 1.6.7-1 Severity: wishlist the dns-root-data package's debian/rules uses unbound-anchor in its get_orig_source target. It currently specifies the path explicitly, because it shouldn't need to be run as root. This is a classic example of a program that doesn't need to be run as root living in /usr/sbin when it should live in /usr/bin. Let's let people rely on their standard $PATH without making brittle scripts. I'm fine with shipping a symlink from /usr/sbin/unbound-anchor so that we don't break existing brittle scripts, but we shouldn't encourage creation of more brittle scripts in the first place. --dkg -- System Information: Debian Release: buster/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'oldstable'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages unbound-anchor depends on: ii libc62.26-4 ii libexpat12.2.5-3 ii libssl1.11.1.0g-2 ii libunbound2 1.6.7-1 unbound-anchor recommends no packages. unbound-anchor suggests no packages. -- no debconf information