Bug#1020387: dictionaries-common: Consensus regarding the packaging of the Qt WebEngine hunspell binary dictionaries

Soren Stoutner soren at stoutner.com
Mon Jan 9 18:29:25 GMT 2023


Although I can think of some circumstances where a dangling symlink can pose a 
security risk (depending on where it is located, where it points to, if there 
are different permissions on who can write to each location, and what type of 
information programs read or write to the link), but I cannot think of any way 
this particular symlink could pose a security risk.

On Monday, January 9, 2023 7:46:15 AM MST Lisandro Damián Nicanor Pérez Meyer 
wrote:
> Hi!
> 
> On Fri, 6 Jan 2023 at 12:22, Dmitry Shachnev <mitya57 at debian.org> wrote:
> > On Thu, Jan 05, 2023 at 03:18:14PM -0700, Soren Stoutner wrote:
> > > What is the Debian policy on this?  If a user does not have any Hunspell
> > > dictionaries installed it will result in a dangling symlink.  We could
> > > have
> > > some essential package create the /usr/share/hunspell-bdic directory,
> > > but in that case /usr/share/huspell-bdic will exist on systems that
> > > don’t intend to ever install any Hunspell dictionaries, which may be
> > > considered by some to be suboptimal.
> > > 
> > > From a functionality perspective I don’t think there are any problems
> > > with the dangling symlink.
> 
> I understand they pose a security issue, or possible one. But I'm
> afraid I do not know the details.
> 
> I also would need to read the whole thread in order to see if there is
> any other option...


-- 
Soren Stoutner
soren at stoutner.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-kde-talk/attachments/20230109/77360e4e/attachment.sig>


More information about the pkg-kde-talk mailing list