On Thu, 8 Mar 2012 10:50:44 +0800 Daniel Hartwig wrote: > On 8 March 2012 10:49, Daniel Hartwig <mand...@gmail.com> wrote: > > > > Apt-listbugs could try harder to avoid directly reading from /dev/tty > > > > Of course, here I am refering to reading from stdin instead.
I wonder whether this is at all possible... I am not 100 % sure, since I was not involved in apt-listbugs development at the time when these parts of the code were initially laid out, but I think that one of the main reasons why apt-listbugs needs to explicitly open "/dev/tty" is that it needs to perform the following steps (when run in "apt" mode): * first it reads the input provided by apt-get or aptitude or other compatible package manager through the Pre-Install-Pkgs hook info protocol version 2 (see /etc/apt/apt.conf.d/10apt-listbugs , I am sure the Aptitude Development Team members are more knowledgeable than me about this protocol); this input is provided to apt-listbugs on its STDIN, as through a pipe * when this input ends (EOF), apt-listbugs needs to be able to become interactive and ask questions to the user, and get answers from STDIN, and possibly also run a web browser (that could be a textual browser, depending on the user preferences) and let the user interact with the browser, until it exits and comes back to the apt-listbugs interactive prompt Currently, apt-listbugs does all this by opening "/dev/tty", after the input provided by apt(itude) ends. I don't know whether there's a better way to achieve this result, without being limited by the security fix for CVE-2005-4890... Any idea? I haven't found much documentation about these tricks in Ruby... :-( -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
pgphRBHMaWmKz.pgp
Description: PGP signature
