Bug#1020387: dictionaries-common: Consensus regarding the packaging of the Qt WebEngine hunspell binary dictionaries

Soren Stoutner soren at stoutner.com
Mon Jan 9 18:37:58 GMT 2023


For the sake of completeness, it was previously discussed that it would be 
possible to patch the Qt WebEngine source to directly look for the 
dictionaries in /usr/share/hunspell-bdic instead of the default upstream 
location.  It is unclear how much ongoing maintenance effort that would entail, 
but it is a possible solution if the symlink is unacceptable.

On Monday, January 9, 2023 11:29:25 AM MST Soren Stoutner wrote:
> Although I can think of some circumstances where a dangling symlink can pose
> a security risk (depending on where it is located, where it points to, if
> there are different permissions on who can write to each location, and what
> type of information programs read or write to the link), I cannot think
> of any way this particular symlink could pose a security risk.
> 
> On Monday, January 9, 2023 7:46:15 AM MST Lisandro Damián Nicanor Pérez Meyer wrote:
> > Hi!
> > 
> > On Fri, 6 Jan 2023 at 12:22, Dmitry Shachnev <mitya57 at debian.org> wrote:
> > > On Thu, Jan 05, 2023 at 03:18:14PM -0700, Soren Stoutner wrote:
> > > > What is the Debian policy on this?  If a user does not have any
> > > > Hunspell dictionaries installed it will result in a dangling symlink.
> > > > We could have some essential package create the
> > > > /usr/share/hunspell-bdic directory, but in that case
> > > > /usr/share/hunspell-bdic will exist on systems that don’t intend to
> > > > ever install any Hunspell dictionaries, which may be considered by
> > > > some to be suboptimal.
> > > > 
> > > > From a functionality perspective I don’t think there are any problems
> > > > with the dangling symlink.
> > 
> > I understand they pose a security issue, or a possible one. But I'm
> > afraid I do not know the details.
> > 
> > I also would need to read the whole thread in order to see if there is
> > any other option...


-- 
Soren Stoutner
soren at stoutner.com
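
The factors listed in the quoted message (whether the link dangles, and who can write to the location it points to) can be checked mechanically. The following is an added example, not part of the thread or of any Debian package; the function names are hypothetical, the link path is supplied by the caller, and the check only looks at the group/other write bits of the nearest existing directory above the missing target.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies a symlink as:
#   ok             - the target exists
#   dangling-safe  - target missing; only the directory owner can create it
#   dangling-risky - target missing; group or others can create it
#   not-a-symlink

# Print the nearest existing ancestor directory of a path.
nearest_existing_dir() {
    p=$1
    while [ ! -d "$p" ]; do
        p=$(dirname "$p")
    done
    printf '%s\n' "$p"
}

audit_symlink() {
    link=$1
    if [ ! -L "$link" ]; then
        echo "not-a-symlink"
        return 0
    fi
    # -e follows the link, so it is false when the target is missing.
    if [ -e "$link" ]; then
        echo "ok"
        return 0
    fi
    target=$(readlink "$link")
    # A relative target is resolved against the link's own directory.
    case $target in
        /*) ;;
        *) target=$(dirname "$link")/$target ;;
    esac
    dir=$(nearest_existing_dir "$target")
    # Mode string such as drwxr-xr-x: char 6 is group write, char 9 other write.
    perms=$(ls -ld "$dir" | cut -c1-10)
    case $perms in
        ?????w*|????????w*) echo "dangling-risky" ;;
        *) echo "dangling-safe" ;;
    esac
}

# Stand-alone use: pass the symlink to audit as the first argument.
if [ $# -gt 0 ]; then
    audit_symlink "$1"
fi
```

A `dangling-safe` result still depends on who owns the reported directory, which this sketch does not inspect.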