Your message dated Thu, 09 Aug 2018 16:39:30 +0300
with message-id <[email protected]>
and subject line Re: Bug#905671: bcfg2: maintscript accesses internal dpkg
database
has caused the Debian Bug report #905671,
regarding bcfg2: maintscript accesses internal dpkg database
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
905671: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905671
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: bcfg2
Source-Version: 1.4.0~pre2+git141-g6d40dace6358-1
Severity: normal
User: [email protected]
Usertags: dpkg-db-access-inert
Hi!
This package contains a maintainer script [M], which directly accesses
the dpkg internal database.
[M] misc/python-ssl-1.15/debian/python-ssl.preinst
This a problem for multiple reasons. Even though the layout and format
of the dpkg database is administrator friendly, and it's expected that
those might need to mess with it, in case of emergency, this interface
does not extend to other programs besides the dpkg suite of tools. The
admindir can also be configured differently at dpkg build or run-time.
And finally, the contents and its format, will be changing in the near
future.
In addition in this particular case, the maintainer script contains an
obsolete code fragment taken from stdeb that was long removed when the
pycentral package got removed from Debian.
Thanks,
Guillem
--- End Message ---
--- Begin Message ---
This is a false positive. The found file isn't a part of the bcfg2
packaging. The upstream source contains ancient packaging files for
creating local python-ssl packages for users of old python versions
without openssl support (I can't remember how old these would be,
probably pre-2.0).
The files are useless and unusable at this point, and should most likely
be removed from upstream git, though.
--
Arto Jantunen
--- End Message ---
