Re: Multipart package (IRAF)
Zed Pobre <zed@moebius.interdestination.net> wrote:
> Incidentally, each of the three primary source files are chopped up
> into segments of about 512k each, with no definitive name for what
> they should be when recombined (actually, the install instructions
> have you just cat the entire mess through gzip and tar to install). Do
> I list each segment as an individual file, or is it legal to give it
> the logical reconstruction name? Also, what do you do with the Source:
> header in this case?
Reconstruct the source, and put it upload it in reconstructed form.
The Source: header should refer to your reconstructed sources by name.
> > Finally, the primary security holes that can occur with binaries run
> > under a user account has to granting access to the machine from a
> > random place on the net. If iraf listens to ip sockets then that's a
> > potential vulnerability.
>
> As far as I can tell, it doesn't touch the net at all. It
> certainly doesn't change anything in /etc that would allow it to (you
> can't just listen to a socket at random, can you?)
Of course you can: socket(), listen(), accept().
And it's not necessarily a bad thing to do -- it's just that
communications are a potential security issue. (and writing servers is a
bit easier to get wrong than writing clients).
--
Raul
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: