Source: plainbox-provider-checkbox
Source-Version: 0.25-2
Severity: important
User: [email protected]
Usertags: dpkg-db-access-blocker
Hi!
This package contains a script that directly accesses the dpkg
internal database [S], instead of using the correct public interface
for each usage. That is:
* _query_package(): «dpkg-query --search»
* _get_device_pkgs(): «dpkg-query --listfiles»
* DebianPackageHandler: Use python-apt or python-debian to read and
parse the status file. A simple parser will give bogus results if
it is called from within a maintainer script for example, because
it will not include information from the dpkg journal.
[S] bin/dkms_info
This a problem for multiple reasons. Even though the layout and format
of the dpkg database is administrator friendly, and it's expected that
those might need to mess with it, in case of emergency, this interface
does not extend to other programs besides the dpkg suite of tools. The
admindir can also be configured differently at dpkg build or run-time.
And finally, the contents and its format, will be changing in the near
future.
Thanks,
Guillem
