Control: severity serious

I am of the belief this change is in violation of the Debian Policy Manual version 2.5:

Important programs, including those which one would expect to find
on any Unix-like system. If the expectation is that an experienced
Unix person who found it missing would say “What on earth is going
on, where is foo?”, it must be an important package. [6] Other
packages without which the system will not run well or be usable
must also have priority important. This does not include Emacs, the
X Window System, TeX or any other large applications. The important
packages are just a bare minimum of commonly-expected and necessary
tools.
...
[6] This is an important criterion because we are trying to
produce, amongst other things, a free Unix.

`write` and `mesg` are both parts of POSIX as explained earlier
(https://pubs.opengroup.org/onlinepubs/9699919799.orig/,
https://pubs.opengroup.org/onlinepubs/9699919799.orig/). I, as an
experienced user and developer, attempted to use `write` to test it
before putting it in a privileged script, found it didn't exist,
discovered util-linux didn't have it anymore on my Trixie system, and
went "What on earth is going on, where is write?" To make matters more
confusing, the `wall` manpage still mentions `write` and `mesg`,
leading a user to believe that the utilities are supposed to be there.

util-linux's priority is "required", not just "important". It is
reasonable for users to assume that long-standing UNIX API components
will not simply vanish with no explanation other than "most people
probably use something else nowadays". Nowadays we have "better"
alternatives to a lot of core UNIX utilities, like `ls`, `cd`, etc. Are
we going to remove those in favor of "better" alternatives too? I would
surely hope not.

The fact that these utilities present a security risk if they are
allowed to be run by any arbitrary user is not a reason to remove them
entirely. They are still very useful for allowing privileged
scripts and applications to send notifications to individual users
without having to alert the entire workstation (or all of the users in
the target user's group) about whatever notification is being sent.
Removing SGID from them (as appears to have been done initially) was
the right thing to do, and I am perfectly happy with the removal of
the SGID bit from these executables remaining into perpetuity if there
really is no safe way to write to other users' terminals. But removing
the utilities entirely breaks one of the core goals of Debian stated by
the policy. Just because individual unprivileged users no longer have
good reasons to use these utilities doesn't mean the utilities
themselves are obsolete.

If bringing back `write` in util-linux is out of the question,
hopefully it can be placed in a new package with priority "important".

