On 2008-07-08 09:48 +0200, Debian Bug Tracking System wrote:

> Changes: 
>  safe-rm (0.2-4) unstable; urgency=high
>  .
>    * Move the binary to /usr/bin which removes the need for a diversion
>      (closes: #489690). Urgency high because of this critical bug.

Thanks for the fast reaction.  Unfortunately, upgrading from 0.2-3 (or
earlier) now has another problem.  Between unpacking the new version and
running the postinst script no /bin/rm exists, and this situation looks
much more scary to me than the problems I outlined in the original
report.  In mass-upgrades, the time window between unpacking and
configuring a package is potentially very large; several minutes are not
unusual.

Since there's no way to fix this (/bin/rm is shipped in 0.2-3, and dpkg
will clobber it on upgrade, period), to me the only way to protect users
from this danger seems to be to offer to error out in the preinst.  This
could be done via a debconf question like the one kernel-package creates
for linux-image packages (they warn about overwriting a running kernel).

The only reason not to do this would be the young age and therefore low
popularity of safe-rm.  But even with only two dozen users I bet that
one of them will be hit very badly by this bug.

Cheers,
       Sven
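
A sketch of the preinst guard proposed above, added here as an example; it is not safe-rm's maintainer script and not code from this message. The environment variable SAFE_RM_UPGRADE_CONFIRMED is a hypothetical stand-in for the answer to the suggested debconf question, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: abort an upgrade in preinst, before dpkg unpacks the new
# files, when the installed version still ships /bin/rm.
# dpkg invokes the script as: preinst upgrade <old-version>

# Last version that ships /bin/rm, as stated in the message above.
LAST_AFFECTED="0.2-3"

# Return 0 when this call is an upgrade from an affected version.
upgrade_is_risky() {
    action="$1"
    old_version="$2"
    [ "$action" = "upgrade" ] || return 1
    [ -n "$old_version" ] || return 1
    dpkg --compare-versions "$old_version" le "$LAST_AFFECTED"
}

# Print "abort" or "proceed". SAFE_RM_UPGRADE_CONFIRMED is hypothetical and
# stands in for the administrator's answer to a debconf question.
preinst_decision() {
    if upgrade_is_risky "$1" "$2" &&
       [ "${SAFE_RM_UPGRADE_CONFIRMED:-no}" != "yes" ]; then
        echo abort
    else
        echo proceed
    fi
}

# Failing here leaves the old package, including its /bin/rm, in place.
if [ "$(preinst_decision "$@")" = "abort" ]; then
    echo "safe-rm: /bin/rm will be missing between unpack and configure;" >&2
    echo "safe-rm: refusing to upgrade without confirmation." >&2
    exit 1
fi
```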


