Re: Purposely broken/uninstallable packages in archive

[Steve Greenland]

On 20-Sep-01, 20:30 (CDT), Brian May <[EMAIL PROTECTED]> wrote: 
> I made it a *.deb package, because that allows you to use apt-get to
> automatically upgrade the package on a *nfs root* partition to the
> latest version.

(Brian, thanks for the explanation. That was a lot more useful than "you
want boot floppies, dontcha?")

But why are they are in the main archive? Apt-get supports specifing
different alternative sources.list files from the command line, which
would allow these packages to live in a "non-public" part of the
archive.

Steve

-- 
Steve Greenland <[EMAIL PROTECTED]>

Re: Bug#112723: Purposely broken/uninstallable packages in archive

[Junichi Uekawa]

Brian May <[EMAIL PROTECTED]> immo vero scripsit

> In practise, it might be perfectly safe to install on a normal
> partition. Just that there is no point.  

I think it replaces /sbin/init, so it's not harmless..


Thinking about the merits of having diskless nodes being
able to upgrade, is an important plus.

I think the way to go is to have a Pre-Depends: (or 
is Depends: enough for not allowing packages to install
without something?) on a specific symbol, which is only
available inside the NFS system.




regards,
junichi



-- 
[EMAIL PROTECTED]  http://www.netfort.gr.jp/~dancer

Re: Purposely broken/uninstallable packages in archive

[Brian May]

> "Norbert" == Norbert Veber <[EMAIL PROTECTED]> writes:

Norbert> From the description of diskless-image-simple: WARNING:
Norbert> This package can and will break your computer. Do not
Norbert> install manually. It should only be installed via the
Norbert> diskless-newimage, part of the diskless package.

Norbert> Why are such things allowed into the archive?  Will these
Norbert> things ever even make it into testing given that they are
Norbert> uninstallable?

Hello,

I no longer maintain diskless-*, but I originally came up with this
idea, so thought I probably should justify my (perhaps broken )
reasons here. IIRC, I posted my reasons on this mailing list
previously, surprisingly though, nobody responded.

Norbert> IMHO. this is a completelly wrong way of going about
Norbert> this.  These packages contain data used by other

Not quite.

It is a package that is designed to get installed on a NFS-root image,
in order to setup the root image in such a way to facilitate booting
on a remote machine.

I made it a *.deb package, because that allows you to use apt-get to
automatically upgrade the package on a *nfs root* partition to the
latest version.

Not only that, but the postinst scripts and postrm scripts will
automatically run, setting up the base directories (especially the
case for diskless-image-secure) using symlinks, etc, required for the
image (I can't remember now what it does, it has been ages).

That means, completely different image layouts can be archived (at
least in theory) only by changing the diskless-image-* package.

In practise, it might be perfectly safe to install on a normal
partition. Just that there is no point.  Also you run the risk that if
installation is interrupted at any time, it will only be half done,
resulting it, say, /var not existing any more (as IIRC, it gets moved
in order to replace it with a symlink). So, why run the risk only to
get a very non-standard system if there is no benefit?  Hence the
warning. In fact, I think there is a primitive check inside the
postinst script to ensure it isn't installed unless everything looks
OK.

Perhaps a better way would be to somehow include the deb packages in
diskless.deb, and somehow upgrade them from diskless.deb. This is
something I was thinking of at the time, but instead gave up
maintainership of the package, since I no longer have time to play
around with diskless systems.

Anyway, I hope this helps explain the situation a bit better. It is
now up to Junichi Uekawa <[EMAIL PROTECTED]> (the new maintainer) to
answer the ifs, whats, whens, and whys about dealing with this bug
report.
-- 
Brian May <[EMAIL PROTECTED]>

Re: Purposely broken/uninstallable packages in archive

[Ethan Benson]

On Thu, Sep 20, 2001 at 09:58:16AM -0400, Norbert Veber wrote:
> 
> If its not to be installed, it should not be in the archive.  This is like
> going to a restaurant and being told not to eat a certain dish under any
> circumstances because you'll get food poisoning.. :)
> 
> Clearly these pacakges are 'data' files, and should be treated as such. 
> They could just as easily be .tar files (or any format, including .deb) 
> inside of an INSTALLABLE .deb..

do you want boot-floppies or not?  because that won't work with
boot-floppies.  

until the next release after woody when debian-installer may become
viable you have to live with these -bf packages as they currently
exist.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/


pgpxi2U3XK3cG.pgp
Description: PGP signature

Re: Purposely broken/uninstallable packages in archive

[Eduard Bloch]

#include 
Norbert Veber wrote on Thu Sep 20, 2001 um 09:58:16AM:

> If its not to be installed, it should not be in the archive.  This is like
> going to a restaurant and being told not to eat a certain dish under any
> circumstances because you'll get food poisoning.. :)

What is the problem? The -bf versions are either not dangerous, or the
conflict with their big brothers which are essential (like e2fsprogs),
so they cannot be installed unless the user has been warned explicitely.
And even then, some people maybe want to install the reduced-size
packages because of small harddisk or so (like parted-bf).

Gruss/Regards,
Eduard.
-- 
Diese Message wurde erstellt mit freundlicher Unterstützung eines frei-
laufenden Pinguins aus artgerechter Freilandhaltung.  Er ist garantiert
frei von Micro$oft'schen Viren.


pgpxlAp91e5Gx.pgp
Description: PGP signature

Re: Purposely broken/uninstallable packages in archive

[Steve Greenland]

On 19-Sep-01, 18:16 (CDT), Ethan Benson <[EMAIL PROTECTED]> wrote: 
> read the description for xfsprogs-bf and e2fsprogs-bf, your NOT
> SUPPOSED to install them.  we need them for boot-floppies.  

Fine. Why are they in the main archive? If it's so that the bf can
access them over the net, then they can and should go into a special
archive.

Steve

-- 
Steve Greenland <[EMAIL PROTECTED]>

Re: Purposely broken/uninstallable packages in archive

[Norbert Veber]

On Wed, Sep 19, 2001 at 03:16:13PM -0800, Ethan Benson wrote:
> On Wed, Sep 19, 2001 at 11:01:24AM -0400, Norbert Veber wrote:
> > packages such as diskless-image-secure, diskless-image-simple, xfsprogs-bf,
> > e2fsprogs-bf should automatically qualify for grave or even critical bugs
> > for breaking your system if installed.
> 
> read the description for xfsprogs-bf and e2fsprogs-bf, your NOT
> SUPPOSED to install them.  we need them for boot-floppies.  
> 
> with at least the -bf packages the user has to explicity type `yes
> please wreck my system' or something like that into apt before it will
> proceed, if they are that determined to shoot thier own foot, let them.

If its not to be installed, it should not be in the archive.  This is like
going to a restaurant and being told not to eat a certain dish under any
circumstances because you'll get food poisoning.. :)

Clearly these pacakges are 'data' files, and should be treated as such. 
They could just as easily be .tar files (or any format, including .deb) 
inside of an INSTALLABLE .deb..

Thanks,

Norbert


pgphJKl5Oqtls.pgp
Description: PGP signature

Re: Purposely broken/uninstallable packages in archive

[Junichi Uekawa]

severity 112723 critical
thanks

David Starner <[EMAIL PROTECTED]> immo vero scripsit

> On Thu, Sep 20, 2001 at 02:20:31PM +0900, Junichi Uekawa wrote:
> > This is, IMO a bogus bug.
> > Go and fix a real bug. There are enough already.
> 
> A package that will do grave damage to your system if installed
> is not a real bug? 

Define grave damage.

But yes, a machine will not boot after installing this package.
Maybe this was a grave bug after all.

I am overloaded at the moment, and if someone can play around
and test this thing, any help would be appreciated.

I am thinking  of something in the line of building the .deb file and 
installing it somewhere in 
/usr/lib/diskless/




regards,
junichi

-- 
[EMAIL PROTECTED]  http://www.netfort.gr.jp/~dancer

Re: Purposely broken/uninstallable packages in archive

[David Starner]

On Thu, Sep 20, 2001 at 02:20:31PM +0900, Junichi Uekawa wrote:
> This is, IMO a bogus bug.
> Go and fix a real bug. There are enough already.

A package that will do grave damage to your system if installed
is not a real bug? 

-- 
David Starner - [EMAIL PROTECTED]
Pointless website: http://dvdeug.dhis.org
When the aliens come, when the deathrays hum, when the bombers bomb,
we'll still be freakin' friends. - "Freakin' Friends"

Re: Purposely broken/uninstallable packages in archive

[Junichi Uekawa]

Junichi Uekawa <[EMAIL PROTECTED]> immo vero scripsit

A note.

> Good. Send me a patch.
> I will apply it.

... after woody, probably.

It has been there since potato, and I don't think I will make a last 
minute change to a package.

This is, IMO a bogus bug.
Go and fix a real bug. There are enough already.



regards,
junichi

-- 
[EMAIL PROTECTED]  http://www.netfort.gr.jp/~dancer

Re: Purposely broken/uninstallable packages in archive

[Gustavo Noronha Silva]

Em Wed, 19 Sep 2001 11:01:24 -0400
Norbert Veber <[EMAIL PROTECTED]> escreveu:

> It looks like more and more of these are popping up.  It seems to me that
by the way, I think we're losing lots of the benefits our release/test cycle
is suppose to give us... I see many people making last-hour changes and
rapdly upgrading the upstream version of their packages so that they'll
reach woody's release these packages are missing lots of testing 
major changes and version upgrades should not be left to the last months
of the cycle IMHO...

> I am writing here so that this can be discussed.  I filed grave bugs on some
> of these packages which were imediatelly downgraded by their respective
> maintainers to a wishlist severity, and tagged "wontfix".
that's abuse IMO if the bugs are real bugs...

[]s!

-- 
Gustavo Noronha Silva - kov 
**
|  .''`.  | Debian GNU/Linux: |
| : :'  : | Debian BR...:  |
| `. `'`  |  Be Happy! Be FREE!  |
|   `-| "Think globally, act locally!"   |
**

Re: Purposely broken/uninstallable packages in archive

[Ethan Benson]

On Wed, Sep 19, 2001 at 11:01:24AM -0400, Norbert Veber wrote:
> packages such as diskless-image-secure, diskless-image-simple, xfsprogs-bf,
> e2fsprogs-bf should automatically qualify for grave or even critical bugs
> for breaking your system if installed.

read the description for xfsprogs-bf and e2fsprogs-bf, your NOT
SUPPOSED to install them.  we need them for boot-floppies.  

with at least the -bf packages the user has to explicity type `yes
please wreck my system' or something like that into apt before it will
proceed, if they are that determined to shoot thier own foot, let them.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/


pgp6ddkqrcUEp.pgp
Description: PGP signature

Re: Purposely broken/uninstallable packages in archive

[Junichi Uekawa]

In Wed, 19 Sep 2001 11:01:24 -0400 Norbert cum veritate scripsit :

> Why are such things allowed into the archive?  Will these things ever
> even
> make it into testing given that they are uninstallable?

diskless-image-secure |  0.3.6 |stable | all
diskless-image-secure | 0.3.15 |   testing | all
diskless-image-secure | 0.3.15 |  unstable | all

> IMHO. this is a completelly wrong way of going about this.  These
> packages
> contain data used by other packages.  This is not uncommon, many
> packages
> have a -common or -data package to go with them.  This is a special case
> because the data is in the format of a .deb.  I suggest then that
> diskless-image-simple and friends should be packages that contain the
> .deb
> files.  Ie. there is no reason one cannot have a harmless
> diskless-image-simple that contains another .deb as data.  This second
> .deb
> can then be used by the diskless package to setup its chroot.

Good. Send me a patch.
I will apply it.


regards,
junichi

-- 
[EMAIL PROTECTED] : Junichi Uekawa   http://www.netfort.gr.jp/~dancer
GPG Fingerprint : 17D6 120E 4455 1832 9423  7447 3059 BF92 CD37 56F4

Purposely broken/uninstallable packages in archive

[Norbert Veber]

Hi,

It looks like more and more of these are popping up.  It seems to me that
packages such as diskless-image-secure, diskless-image-simple, xfsprogs-bf,
e2fsprogs-bf should automatically qualify for grave or even critical bugs
for breaking your system if installed.

From the description of diskless-image-simple:
WARNING: This package can and will break your computer. Do not install
manually. It should only be installed via the diskless-newimage, part of
the diskless package.

Why are such things allowed into the archive?  Will these things ever even
make it into testing given that they are uninstallable?

IMHO. this is a completelly wrong way of going about this.  These packages
contain data used by other packages.  This is not uncommon, many packages
have a -common or -data package to go with them.  This is a special case
because the data is in the format of a .deb.  I suggest then that
diskless-image-simple and friends should be packages that contain the .deb
files.  Ie. there is no reason one cannot have a harmless
diskless-image-simple that contains another .deb as data.  This second .deb
can then be used by the diskless package to setup its chroot.

I am writing here so that this can be discussed.  I filed grave bugs on some
of these packages which were imediatelly downgraded by their respective
maintainers to a wishlist severity, and tagged "wontfix".

Thanks,

Norbert


pgpgxUHyj8sap.pgp
Description: PGP signature