Bug#913781: reprozip: Script accesses internal dpkg database
Guillem Jover
guillem at debian.org
Thu Nov 15 04:52:48 GMT 2018
Source: reprozip
Source-Version: 1.0.10-1
Severity: important
User: debian-dpkg at lists.debian.org
Usertags: dpkg-db-access-blocker
Hi!
This package contains a scripts, which directly access the dpkg internal
database, instead of using one of the public interfaces provided by dpkg.
The code in «reprozip/tracer/linux_pkgs.py» should be switched to use
«dpkg-query --listfiles PKGNAME...». To avoid a performance loss, the
code can batch multiple packages on a single call (according to the
command-line length limit), which will get output as different stanzas
separated by a blank line (even if the package does not exist).
This is a problem for several reasons, because even though the layout and
format of the dpkg database is administrator friendly, and it is expected
that those might need to mess with it, in case of emergency, this
“interface” does not extend to other programs besides the dpkg suite of
tools. The admindir can also be configured differently at dpkg build or
run-time. And finally, the contents and its format, will be changing in
the near future.
Thanks,
Guillem
More information about the debian-science-maintainers
mailing list