[Please do not send me Ccs, I read the list where I'm posting to. If not I explicitly state this at the beginnning of my mail.] On 00-12-04 Javier Fernandez-Sanguino Peña wrote: > Christian Kurz escribió: > > > > > > > I have checked it out and would really like to see it included in > > > the DDP and think that debian security guru's should help in > > > > Well, which package should include this documentation? May I also say, > > that some debian security interested guys helped in creating this > > document? > As for the first one I do not know, maybe we should create a > debian-security package to provide this kind of information like the > java-common package provides the Java FAQ and the Java policy as Well, I think including this documentation into doc-debian would then be more sinful, because creating a new package for one document isn't a good idea. > well as being a suited metapackage. How about having a package > providing this document and some useful scripts (for example > cron.daily updates from security.debian.org) and dependancies on > security-related packages. Kind of a meta-package... No, we had one discussion about this some time ago and came to the conclusion that such a metapackage isn't a good idea. > > > ideas? Also, since the package would depend on other packages we > > > need to have this in the chrooted environment too, is there an > > > *easy* way to do this? (without needing to have two package > > > databases) > > > > No, that's why I think chroots should always be set up by the admin and > > not by any tool. And a good idea knows how to create chroots even for > > programs using dynamic linking. > > > I'm not quite the same thinking here. You could use the powerful package > management tools in order to automatically do this like: > (user) - ok I want bind installed but chrooted in /home/bind > (apt/dpkg) - downloading bind > (apt/dpkg) - installing in /home/bind No, if you would have read the discussion on debian-devel you would also know, that this won't be possible. > (apt/dpkg) - checking dependancies of bind > (apt/dpkg) - moving related libraries (to allow dynamic linking) into > /home/bind > (apt/dpkg) - changing default init.d script to run bind but chrooted into > /home/bind Can always be done via an external script, that the administrator starts, if he really wants to chroot the daemon. > > (....) > (user) - dpkg --status bind > (dpkg) Package: bind... > Chrooted-in: /home/bind Won't work and I think this is somehting that Wichert won't include in dpkg. Also you should be free to choose the place to chroot for yourself. > Did it make any sense? Some and please turn that v-card of. Ciao Christian -- Debian Developer and Quality Assurance Team Member 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
Attachment:
pgpCdudEnGLkZ.pgp
Description: PGP signature