Here's an interesting hypothetical question we came up with at the office: Suppose a .deb is released that does rm -rf / in its prerm. We know it has been installed on a bunch of machines all over the place. How can we safely upgrade them?
I don't see any way to do it, because /usr/doc/packaging-manual/packaging.html/ch-maintainerscripts.html says that "old-prerm upgrade new-version" is the absolute first command to be run during a package upgrade. By contrast, if the rm -rf is in the old-postrm, the preinst of the new package can wipe it out or something.

Note that in RPM, the preinst _and_ postinst are run before the old-prerm and old-postrm. I emphasize that is _way_ broken, but it does let this hypothetical situation be dealt with.

Hm. Would making a new, independent package that shipped out the broken package's prerm, and then making the new version of the broken package pre-depend on it work?

--
see shy jo
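A sketch of the helper-package idea raised above, added here as an example and not part of the original message: the helper's preinst replaces the installed prerm with a no-op before the fixed version is unpacked. The names `brokenpkg` and `brokenpkg-fixup` are hypothetical; it assumes dpkg's default info directory `/var/lib/dpkg/info` and that the fixed version declares `Pre-Depends: brokenpkg-fixup`.

```shell
#!/bin/sh
# preinst for the hypothetical helper package "brokenpkg-fixup" (added example).
# Assumption: the installed prerm lives at /var/lib/dpkg/info/<package>.prerm.

# neutralize_prerm INFO_DIR PKG
# Returns 0 if the script was replaced, 1 if there was nothing to do
# (script absent or not destructive), 2 on error.
neutralize_prerm() {
    info_dir=$1
    pkg=$2
    prerm="$info_dir/$pkg.prerm"

    [ -f "$prerm" ] || return 1

    # Only touch the script if it really contains the destructive command.
    grep -Eq 'rm[[:space:]]+-rf[[:space:]]+/([[:space:]]|;|$)' "$prerm" || return 1

    # Build the replacement next to the target so the final rename is atomic:
    # dpkg never sees a half-written prerm.
    tmp=$(mktemp "$prerm.XXXXXX") || return 2
    printf '%s\n' '#!/bin/sh' \
        '# neutralized by brokenpkg-fixup (hypothetical helper package)' \
        'exit 0' > "$tmp" || { rm -f "$tmp"; return 2; }
    chmod 755 "$tmp" || { rm -f "$tmp"; return 2; }
    mv -f "$tmp" "$prerm" || { rm -f "$tmp"; return 2; }
    return 0
}

# dpkg calls a preinst with "install" or "upgrade" as its first argument.
# "Nothing to do" (status 1) is fine; a real error (status 2) aborts the
# helper's installation, which in turn blocks the upgrade of brokenpkg.
case "${1:-}" in
    install|upgrade)
        neutralize_prerm /var/lib/dpkg/info brokenpkg || [ "$?" -eq 1 ] || exit 1
        ;;
esac
```

The helper never needs the broken package's prerm to run; it only rewrites the file dpkg would later execute as "old-prerm upgrade new-version".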

