> In no way installing the debian-policy package introduce a security
> hole, causes serious data loss or makes unrelated software on the
> system break.
Not the installation of the policy package, but the following of the
policy, prevents base-files from being secure. Is not the policy at
fault if it mandates insecure settings or actions?
Message-Id: <email address hidden>
Date: Fri, 25 Mar 2005 06:37:14 +1100
From: <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#299007: base-files: Insecure PATH in /root/.profile
Bill,
Thank you for the explanations.
> One of the rules is that policy proposal are wishlist by definition.
Quite sensible: protect the policy-makers from blame and "litigation". bugs.debian. org/cgi- bin/pkgreport. cgi?pkg= debian- policy
I guess that the couple of "normal" bugs listed under
http://
never followed instructions and never set severity.
> In no way installing the debian-policy package introduce a security
> hole, causes serious data loss or makes unrelated software on the
> system break.
Not the installation of the policy package, but the following of the
policy, prevents base-files from being secure. Is not the policy at
fault if it mandates insecure settings or actions?
Cheers,
Paul Szabo <email address hidden> http:// www.maths. usyd.edu. au/u/psz/
School of Mathematics and Statistics University of Sydney Australia