Package: udevil
Version: 0.4.4-1+b1
Severity: normal

udevil is a standalone secure mounting tool (and the packaged devmon
tool will use udevil if it is present) - however this package recommends
udisks2 and pmount, causing them to be installed on the system by
default. This defeats the purpose of udevil, since they can be used to
mount things outside of udevil's security model, and with the associated
security bugs etc. that the simple udevil tool was made to avoid.

I have been pinged by the udevil programmer over this, hence the random
bug here - the 'official' upstream control has no recommends for this
reason:

https://github.com/IgnorantGuru/udevil/blob/next/distros/debian/control

Please can the 'recommends' packages be removed?


--- System information. ---
Architecture:
Kernel:       Linux 4.9.0-3-amd64

Debian Release: stretch/sid
  990 testing             10.1.0.3
  500 unstable            10.1.0.3
  500 quodlibet-unstable  lazka.github.io
  100 ascii-proposed      10.1.0.3

--- Package information. ---
Depends            (Version) | Installed
============================-+-============
libc6              (>= 2.14) |
libglib2.0-0     (>= 2.16.0) |
libudev1            (>= 183) |

Recommends      (Version) | Installed
=========================-+-===========
udisks2                   | 2.1.8-1+devuan2
zenity                    | 3.22.0-1+b1
pmount                    | 0.9.23-3+b2


Suggests        (Version) | Installed
=========================-+-===========
eject                     | 2.1.5+deb1+cvs20081104-13.2
cifs-utils                |
curlftpfs                 | 0.9.2-9+b1
sshfs                     | 2.8-1




