[Please do not send me Ccs, I read the list where I'm posting to. If not I explicitly state this at the beginnning of my mail.]
On 00-12-04 Javier Fernandez-Sanguino Peña wrote:
> Christian Kurz escribió:
> >
> >
> > > I have checked it out and would really like to see it included in
> > > the DDP and think that debian security guru's should help in
> >
> > Well, which package should include this documentation? May I also say,
> > that some debian security interested guys helped in creating this
> > document?
> As for the first one I do not know, maybe we should create a
> debian-security package to provide this kind of information like the
> java-common package provides the Java FAQ and the Java policy as
Well, I think including this documentation into doc-debian would then be
more sinful, because creating a new package for one document isn't a
good idea.
> well as being a suited metapackage. How about having a package
> providing this document and some useful scripts (for example
> cron.daily updates from security.debian.org) and dependancies on
> security-related packages. Kind of a meta-package...
No, we had one discussion about this some time ago and came to the
conclusion that such a metapackage isn't a good idea.
> > > ideas? Also, since the package would depend on other packages we
> > > need to have this in the chrooted environment too, is there an
> > > *easy* way to do this? (without needing to have two package
> > > databases)
> >
> > No, that's why I think chroots should always be set up by the admin and
> > not by any tool. And a good idea knows how to create chroots even for
> > programs using dynamic linking.
> >
> I'm not quite the same thinking here. You could use the powerful
> package
> management tools in order to automatically do this like:
> (user) - ok I want bind installed but chrooted in /home/bind
> (apt/dpkg) - downloading bind
> (apt/dpkg) - installing in /home/bind
No, if you would have read the discussion on debian-devel you would also
know, that this won't be possible.
> (apt/dpkg) - checking dependancies of bind
> (apt/dpkg) - moving related libraries (to allow dynamic linking) into
> /home/bind
> (apt/dpkg) - changing default init.d script to run bind but chrooted
> into
> /home/bind
Can always be done via an external script, that the administrator
starts, if he really wants to chroot the daemon.
>
> (....)
> (user) - dpkg --status bind
> (dpkg) Package: bind...
> Chrooted-in: /home/bind
Won't work and I think this is somehting that Wichert won't include in
dpkg. Also you should be free to choose the place to chroot for
yourself.
> Did it make any sense?
Some and please turn that v-card of.
Ciao
Christian
--
Debian Developer and Quality Assurance Team Member
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
pgpCR0X9pcyRf.pgp
Description: PGP signature
