Item8311: Configuration warnings and management in Debian packages

pencil
Priority: Enhancement
Current State: Needs Developer
Released In: n/a
Target Release:
Applies To: Extension
Component: DebianPackage
Branches:
Reported By: Foswiki:Main.DrakeDiedrich
Waiting For: Main.DrakeDiedrich
Last Change By: GeorgeClark
In http://trac.foswiki.org/browser/trunk/core/tools/pkg/debian/patches/00_More_Extensions_warning.dpatch?rev=3207 a warning was added to the Debian 1.0.x branch packages about installing from source rather than packages, and a recommendation to not use configure to install and configure extensions.

In http://trac.foswiki.org/changeset/5244 I removed this patch from trunk, where it no longer was capable of applying (the code and functions all changed). SvenDowedeit asked that I find a way to restore it in trunk.

In http://foswiki.org/Tasks/Item8301 Sven and I both expressed reservations about configure in Debian packages, and downloading and executing (as the web server uid) at the request of a web user.

This may be more of a global issue - executing unsigned content in the extensions and their installers, but it manifests most in DebianPackage, where there is an existing solution to signing executable content. CPAN and most other upstream authors have unsigned content, which Debian reduces to a single download by a developer (who often looks over the new differences).

My inclination is to split configure off into a separate package, and make it an alternative to a different configuration package that ships a fairly simple Debianized demonstration configuration (using debconf, only packaged-extension installed, etc). Users would then have the choice of the current Foswiki configure setup, and Debian-driven basic configuration, or no configuration and all manual install (for the complex cases where configuration has to be handled manually anyway).

-- DrakeDiedrich - 23 Oct 2009

 

ItemTemplate edit

Summary Configuration warnings and management in Debian packages
ReportedBy Foswiki:Main.DrakeDiedrich
Codebase trunk
SVN Range 5244-
AppliesTo Extension
Component DebianPackage
Priority Enhancement
CurrentState Needs Developer
WaitingFor DrakeDiedrich
Checkins
ReleasedIn n/a
CheckinsOnBranches
trunkCheckins
masterCheckins
ItemBranchCheckins
Release02x01Checkins
Release02x00Checkins
Release01x01Checkins
Topic revision: r2 - 12 Dec 2017, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy