possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
* Andreas Beckmann <debian@abeckmann.de>, 2012-10-05, 23:16:
I haven't made a detailed analysis, yet, and cannot say how many packages would be affected. Right now I have about 100 candidate piuparts logs that should cover /var/run and /var/lock, but I haven't sorted them in "buggy", "depends on buggy", "other problem". I expect the buggy category to be around a dozen. Lintian should be able to spot all the buggy ones, shouldn't it? http://lintian.debian.org/tags/dir-or-file-in-run.html http://lintian.debian.org/tags/dir-or-file-in-var-run.html http://lintian.debian.org/tags/dir-or-file-in-var-lock.html Would it be appropriate to file RC bugs against all the packages shipping anything in /var/run, /var/lock or /run? IMO, yes. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 20121005213553.GA6401@jwilk.net">http://lists.debian.org/20121005213553.GA6401@jwilk.net |
possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
On 2012-10-05 23:35, Jakub Wilk wrote:
> Lintian should be able to spot all the buggy ones, shouldn't it? Good point. > http://lintian.debian.org/tags/dir-or-file-in-run.html 0 :-) > http://lintian.debian.org/tags/dir-or-file-in-var-run.html 28 (6 overridden) > http://lintian.debian.org/tags/dir-or-file-in-var-lock.html 6 (1 overridden) Anyone who wants to take this easy job? Since I don't have to analyze piuparts logs for getting the data ... Andreas -- To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 506F5541.9080504@abeckmann.de">http://lists.debian.org/506F5541.9080504@abeckmann.de |
possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
On Fri, Oct 05, 2012 at 11:35:53PM +0200, Jakub Wilk wrote:
> * Andreas Beckmann <debian@abeckmann.de>, 2012-10-05, 23:16: > >I haven't made a detailed analysis, yet, and cannot say how many > >packages would be affected. Right now I have about 100 candidate > >piuparts logs that should cover /var/run and /var/lock, but I > >haven't sorted them in "buggy", "depends on buggy", "other > >problem". I expect the buggy category to be around a dozen. > > Lintian should be able to spot all the buggy ones, shouldn't it? > > http://lintian.debian.org/tags/dir-or-file-in-run.html > http://lintian.debian.org/tags/dir-or-file-in-var-run.html > http://lintian.debian.org/tags/dir-or-file-in-var-lock.html [...] Seems like these should be added to ftp-master autorejects. Ben. -- Ben Hutchings We get into the habit of living before acquiring the habit of thinking. - Albert Camus -- To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 20121005221432.GO13292@decadent.org.uk">http://lists.debian.org/20121005221432.GO13292@decadent.org.uk |
possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
On 10/06/2012 05:46 AM, Andreas Beckmann wrote:
Anyone who wants to take this easy job? Since I don't have to analyze piuparts logs for getting the data ... Andreas Hi, I'll try to send bugs *with patches* over this week end. Thomas Goirand (zigo) -- To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 506FDAE2.30909@debian.org">http://lists.debian.org/506FDAE2.30909@debian.org |
possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
On 10/06/2012 03:16 PM, Thomas Goirand wrote:
On 10/06/2012 05:46 AM, Andreas Beckmann wrote: Anyone who wants to take this easy job? Since I don't have to analyze piuparts logs for getting the data ... Andreas Hi, I'll try to send bugs *with patches* over this week end. Thomas Goirand (zigo) This is done. For each package in the lists I sent a bug report with a proposed debdiff. Since the var/run folder is to be used at runtime, I couldn't always tell where to add the relevant mkdir calls, but that was pretty rare. In most cases, adding it into debian/<package>.init was enough, and often, then mkdir was there already (even with the package shipping the folder). Also, some package were using dpkg-statoverride. I believe it doesn't make sense for something in /var/run. After doing this work, I also believe that ftp-master should reject any package shipping a folder /var/run/<package>. On the 28 packages which I wrote a patch for, none seemed to have valid reasons to ship that folder. Even those who were having a lintian override file. So at least blocking if there's no override seem to me the correct thing to do. Cheers, Thomas Goirand (zigo) -- To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 50719FC3.2000006@debian.org">http://lists.debian.org/50719FC3.2000006@debian.org |
possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
On Fri, Oct 5, 2012 at 23:16:05 +0200, Andreas Beckmann wrote:
> Hi, > > I haven't made a detailed analysis, yet, and cannot say how many > packages would be affected. Right now I have about 100 candidate > piuparts logs that should cover /var/run and /var/lock, but I haven't > sorted them in "buggy", "depends on buggy", "other problem". I expect > the buggy category to be around a dozen. > > Would it be appropriate to file RC bugs against all the packages > shipping anything in /var/run, /var/lock or /run? > No, there's nothing wrong with that. Cheers, Julien |
possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
On 10/08/2012 01:21 AM, Julien Cristau wrote:
On Fri, Oct 5, 2012 at 23:16:05 +0200, Andreas Beckmann wrote: Hi, I haven't made a detailed analysis, yet, and cannot say how many packages would be affected. Right now I have about 100 candidate piuparts logs that should cover /var/run and /var/lock, but I haven't sorted them in "buggy", "depends on buggy", "other problem". I expect the buggy category to be around a dozen. Would it be appropriate to file RC bugs against all the packages shipping anything in /var/run, /var/lock or /run? No, there's nothing wrong with that. Cheers, Julien Lintian (and myself) do not agree with you. Lintian considers it a "Serious" problem. And so does the policy manual in which you can read: "Packages must not include files or directories under /run, or under the older /var/run and /var/lock paths." It's perfectly fine to me that the release team decides what is RC or not (even if I don't agree, it's your call...), but these are still "must not" in the wording of the policy. Cheers, Thomas -- To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 5072ABF8.6030309@debian.org">http://lists.debian.org/5072ABF8.6030309@debian.org |
possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
On 08/10/2012 12:33, Thomas Goirand wrote:
> On 10/08/2012 01:21 AM, Julien Cristau wrote: >> On Fri, Oct 5, 2012 at 23:16:05 +0200, Andreas Beckmann wrote: >> >>> Hi, >>> >>> I haven't made a detailed analysis, yet, and cannot say how many >>> packages would be affected. Right now I have about 100 candidate >>> piuparts logs that should cover /var/run and /var/lock, but I >>> haven't sorted them in "buggy", "depends on buggy", "other >>> problem". I expect the buggy category to be around a dozen. >>> >>> Would it be appropriate to file RC bugs against all the packages >>> shipping anything in /var/run, /var/lock or /run? >>> >> No, there's nothing wrong with that. >> > […] > > It's perfectly fine to me that the release team decides what is RC or > not (even if I don't agree, it's your call...), […] Julien answered the question though and you don't seem to disagree (by reading your mail). -- Mehdi Dogguy مهدي الدڤي -- To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 5072AD96.30805@dogguy.org">http://lists.debian.org/5072AD96.30805@dogguy.org |
possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
On Mon, Oct 8, 2012 at 6:33 AM, Thomas Goirand wrote:
> On 10/08/2012 01:21 AM, Julien Cristau wrote: >>> Would it be appropriate to file RC bugs against all the packages >>> shipping anything in /var/run, /var/lock or /run? >>> >> No, there's nothing wrong with that. >> >> Cheers, >> Julien > > Lintian (and myself) do not agree with you. Lintian > considers it a "Serious" problem. And so does the policy > manual in which you can read: > > "Packages must not include files or directories under /run, > or under the older /var/run and /var/lock paths." The thing is that it really does no harm if a package actually does this; although it is pretty pointless since those files will be gone after reboot. So, even though policy says "must not", it's not really a problem in practice, so important is probably a more appropriate severity at this point in the release process. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/CANTw=MO8SnuhQBRHmw9mQke8GZv0YTVNrz-mpcPgq-=BJGYYrg@mail.gmail.com |
possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
* Michael Gilbert <mgilbert@debian.org>, 2012-10-08, 14:15:
"Packages must not include files or directories under /run, or under the older /var/run and /var/lock paths." The thing is that it really does no harm if a package actually does this Given that /var/lock is world-writable in Debian, and that dpkg follows symlinks to directories, at least shipping directories in /var/lock is almost certainly a security hole. (Fortunately, this is mitigated by the protected_symlinks feature of the recent kernels.) -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 20121008182724.GA2540@jwilk.net">http://lists.debian.org/20121008182724.GA2540@jwilk.net |
| All times are GMT. The time now is 12:12 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.