[Pkg-clamav-devel] Lintian override (Was: Re: repo set up)
Michael Meskes
meskes at debian.org
Tue Sep 9 15:28:21 UTC 2008
On Mon, Sep 08, 2008 at 08:05:51PM +0100, Stephen Gran wrote:
> Most of the variables in the script wind up as config settings in the
> daemon config files.
Right.
> > If it is only used by some daemonized software we could create a directory
> > belonging to that user and be safe.
>
> It's the parent directory for new directories created on the fly - they
> are created and destroyed as needed. Since the relevant process is
> creating the directories, the permissions are alrady fine, and it seems
> an appropriate use of /tmp to me.
Sorry, wan't precise enough. If only user clamav was creating files there we
could create a directory owned by use clamav which would be a better way. But
then with mktemp this shouldn't be a problem at all.
> Let me back up a step - what are we fixing? I don't love the
> reimplementation of mktemp, but it is an appropriate way to use /tmp,
> as far as I can tell. If it's just the lintian complaint, I think that's
> either a bug in lintian or a need for an override on our part.
I don't think there is much logic behind the lintian rule. So yes, it's
probably best to add an override.
> I think we've handled that CVE already, but yes - that's the sort of
> thing I'm talking about. It would be really nice if upstream would just
> use the off the shelf, working solutions to these sorts of things
> instead of reinventing the wheel, but here we are.
Right and this is why we discuss this kind of thing, sigh.
Michael
--
Michael Meskes
Email: Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org
ICQ: 179140304, AIM/Yahoo: michaelmeskes, Jabber: meskes at jabber.org
Go VfL Borussia! Go SF 49ers! Use Debian GNU/Linux! Use PostgreSQL!
More information about the Pkg-clamav-devel
mailing list