Package: cruft Version: 0.9.38 Severity: important User: debian-d...@lists.debian.org Usertags: dpkg-db-access-blocker
Hi! This package contains several scripts [S], which directly accesses the dpkg internal database. Instead of using one of the public interfaces provided by dpkg. The file «explain/dpkg» access the file list files directly, and should be switched to use either «dpkg-query --listfiles» instead, or the dpkq-query db-fsys:Files virtual field with --show. If using the former and to avoid a performance hit, the code should batch multiple packages on each call, taking into account command-line length limits. Each package will get a paragraph separated by a blank line (even if it is not installed). The files «explain/dpkg» and «explain/DIVERSIONS» access the diversions database directly instead of using «dpkg-divert». The file «explain/ALTERNATIVES» accesses the alternatives database directly instead of using «update-alternatives». This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future. Thanks, Guillem
