[Pkg-auth-maintainers] Bug#905663: python-yubico: maintscript accesses internal dpkg database
Guillem Jover
guillem at debian.org
Tue Aug 7 23:02:20 BST 2018
Source: python-yubico
Source-Version: 1.3.2-1
Severity: normal
User: debian-dpkg at lists.debian.org
Usertags: dpkg-db-access-inert
Hi!
This package contains a maintainer script [M], which directly accesses
the dpkg internal database.
[M] debian/python-yubico.preinst
This a problem for multiple reasons. Even though the layout and format
of the dpkg database is administrator friendly, and it's expected that
those might need to mess with it, in case of emergency, this interface
does not extend to other programs besides the dpkg suite of tools. The
admindir can also be configured differently at dpkg build or run-time.
And finally, the contents and its format, will be changing in the near
future.
In addition in this particular case, the maintainer script contains an
obsolete code fragment taken from stdeb that was long removed when the
pycentral package got removed from Debian.
Thanks,
Guillem
More information about the Pkg-auth-maintainers
mailing list