[16050] in athena10
Bug#914036: config-package-dev: scripts directly access internal dpkg database
daemon@ATHENA.MIT.EDU (Guillem Jover)
Sun Nov 18 13:12:58 2018
Reply-To: Guillem Jover <guillem@debian.org>, 914036@bugs.debian.org
Resent-From: Guillem Jover <guillem@debian.org>
Resent-To: debian-bugs-dist@lists.debian.org
Date: Sun, 18 Nov 2018 19:09:51 +0100
From: Guillem Jover <guillem@debian.org>
To: submit@bugs.debian.org
Message-ID: <20181118180951.GA19816@gaara.hadrons.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Source: config-package-dev
Source-Version: 5.5
Severity: important
User: debian-dpkg@lists.debian.org
Usertags: dpkg-db-access-blocker
Hi!
This package contain scripts that directly access the dpkg internal
database [S], instead of using the correct public interface
«dpkg --verify» (note that it currently does not return an error exit
code when it finds modified files, that will be fixed in 1.19.3, but
you can always just check the output).
[S] check-files.mk, dh_configpackage
This is a problem for several reasons, because even though the layout and
format of the dpkg database is administrator friendly, and it is expected
that those might need to mess with it, in case of emergency, this
“interface” does not extend to other programs besides the dpkg suite of
tools. The admindir can also be configured differently at dpkg build or
run-time. And finally, the contents and its format, will be changing in
the near future.
Thanks,
Guillem
