On Sunday, 26 November 2023 4:56:03 AM AEDT Christoph Anton Mitterer wrote:
> The most recent upgrade forces people to use
> update-smart-drivedb by doing it already in the postinst and not leaving it
> up to the user whether he wants to use such a tool.
>
> Security-wise this is really a bad
On Sat, 25 Nov 2023 18:56:03 +0100 Christoph Anton Mitterer wrote:
> The most recent upgrade forces people to use
> update-smart-drivedb by doing it already in the postinst and not leaving it
> up to the user whether he wants to use such a tool.
>
> Security-wise this is really a bad idea.
>
>
If you really insist on having that functionality, wouldn't it be
anyway better to:
- Add a systemd.timer that regularly (perhaps weekly?) calls
update-smart-drivedb instead of doing it only once in postinst,
where it's unlikely to be of much use, because the package was just
upgraded, so
Package: smartmontools
Version: 7.4-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team
Hey.
The most recent upgrade forces people to use
update-smart-drivedb by doing it already in the postinst and not leaving it
up to the user whether he wants
4 matches
Mail list logo