I wrote:

> When I installed lcms 1.09-1, it overwrote my /usr/bin directory with a 
> file, making my system non-bootable. Note my fink dir is 
> "/usr/local/finksw".
...
> <http://sourceforge.net/tracker/index.php?func=detail&aid=678560&group_id=17203&atid=117203>

I've been thinking about how to prevent this sort of thing happening in 
the future. Two things occur to me:

1. Have fink build as non-root. However, to do this properly I think 
this requires the use of fakeroot. If anyone wants to port fakeroot, 
they'd be doing the fink community an enormous favour.

2. After the dpkg is built, fink should check it to make sure that all 
the files are within %p (or within other directories somehow explicitly 
mentioned in the .info file).

The point is not to be secure against malicious packages, but to be 
safer against accidental errors.

-- 
Ashley Yakeley, Seattle WA
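
The check proposed in point 2 could look like the following. This is an added example, not part of the original message and not Fink's code: it assumes the package's data tarball has been obtained (for example with `dpkg-deb --fsys-tarfile`), and the function names, the sample archive and the extra allowed directory are hypothetical.

```python
import io
import posixpath
import tarfile


def outside_prefix(tar, prefix, extra_dirs=()):
    """List (path, kind) for members that would install outside the allowed roots."""
    roots = [posixpath.normpath(r) for r in (prefix, *extra_dirs)]
    problems = []
    for m in tar.getmembers():
        # Members are named "./usr/..."; normalise to the absolute install path.
        path = posixpath.normpath("/" + m.name)
        if any(path == r or path.startswith(r + "/") for r in roots):
            continue
        # Directories leading up to a root ("/", "/usr", ...) are accepted, but
        # only as directories; anything else at such a path is reported.
        if m.isdir() and any(r.startswith(path.rstrip("/") + "/") for r in roots):
            continue
        kind = "dir" if m.isdir() else "symlink" if m.issym() else "file"
        problems.append((path, kind))
    return problems


def sample_data_tar():
    """Constructed stand-in for a package's data.tar; not the real lcms package."""
    entries = [
        (".", tarfile.DIRTYPE),
        ("./usr", tarfile.DIRTYPE),
        ("./usr/local", tarfile.DIRTYPE),
        ("./usr/local/finksw", tarfile.DIRTYPE),
        ("./usr/local/finksw/lib/liblcms.a", tarfile.REGTYPE),
        ("./usr/bin", tarfile.REGTYPE),  # a file where a system directory lives
        ("./Library/Frameworks/Foo.h", tarfile.REGTYPE),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind in entries:
            info = tarfile.TarInfo(name)
            info.type = kind
            tar.addfile(info)  # zero-length members, no file data needed
    buf.seek(0)
    return tarfile.open(fileobj=buf)


if __name__ == "__main__":
    for path, kind in outside_prefix(sample_data_tar(), "/usr/local/finksw"):
        print(f"outside %p: {path} ({kind})")
```

A non-empty result would be the point at which the build stops, before the .deb is ever installed.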


