Hi David & Francesco, Thanks for the quick feedback.
On Sat, Mar 16, 2013 at 12:05:09PM +0100, David Kalnischkies wrote [edited]: > Using a hook-defined fifoname rather than a random fifoname should be > okay as the later isn't more secure than the former (if an attacker has > root rights to write to it we are doomed anyway …) and in fact creating > a randomly named fifo could be hard in practice … Exactly my thinking. > I guess the apt-listbugs patch is just for testing, but I say it non-the-less: > It would be good if at least apt-listbugs/wheezy would support both so we > don't create backport problems that early in the (not even started) wheezy > release cycle. ;) Indeed apt-listbugs is mostly for testing and unstable. The apt-listbugs releases that ship with a fifo option will version-depend on the earliest apt release that supports the feature. In the unlikely event of a backport of apt-listbugs, we could always revert apt-listbugs to use stdin. Francesco, To test the patch you have to temporarily point /usr/lib/i386-linux-gnu/libapt-pkg.so.4.12 to build/bin/libapt-pkg.so in an apt checkout (and of course apply the patch to /usr/sbin/apt-listbugs). This new apt feature opens the way for #671728, but really fixing the latter would also require a non-interactive apt-listbugs frontend (to be used for programmatic invocation). cheers, sez -- Every great idea is worthless without someone to do the work. --Neil Williams -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
