* Javier Fernandez-Sanguino:

> This really sounds like there is a "use case" for data-only
> "packages" that:

Is clamav-data really data-only? Other AV software ships some sort of
code even in signature updates (as opposed to engine updates).

> - do not include maintainer scripts (dpkg refuses to run them) or are
> only allowed a set of limited tasks (run in a restricted shell or with
> reduced privileges)
>
> - are only allowed to write in a specific place on disk (such as
> /var/lib/<packagename>)
>
> Wouldn't that reduce the problems surrounding clamav-data and other
> frequently-updated data packages?

It would mean that APT and dpkg have to deal with untrusted data in
many more places. Not a good idea, IMHO.