Control: tag -1 + upstream Hello!
On Wed, 31 Jan 2018 22:12:59 -0500 Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
Package: unbound-anchor Version: 1.6.7-1 Severity: wishlist the dns-root-data package's debian/rules uses unbound-anchor in its get_orig_source target. It currently specifies the path explicitly, because it shouldn't need to be run as root. This is a classic example of a program that doesn't need to be run as root living in /usr/sbin when it should live in /usr/bin. Let's let people rely on their standard $PATH without making brittle scripts. I'm fine with shipping a symlink from /usr/sbin/unbound-anchor so that we don't break existing brittle scripts, but we shouldn't encourage creation of more brittle scripts in the first place.
Well yes, it appears to be that unbound-anchor does not need to be a "system" command, it is a user-callable command. But this is how upstream doe is, - and they ship unbound-anchor.8 manpage too. I don't know why it is done this way. Maybe it historically it were supposed to be run as a daemon to keep the file updated? It was definitely used by unbound itself to fetch the DNS root key, and now in Debian, dns-root-data package sits "between" unbound-anchor and the unbound daemon. Maybe we should talk with upstream for them to reconsider? I don't have an opinion here besides the fact that I want to have as few debian-specific changes as possible. Thanks, /mjt
