Rejecting classmate-settings
Martin Pitt
martin.pitt at ubuntu.com
Fri Feb 15 14:39:54 GMT 2008

Hi Oliver,

I rejected classmate-settings, because:

* orig.tar.gz has no license copy, nor copyright headers
* postinst creates a high-privileged (even sudo-capable) local user
  with a static active password ("edubuntu"). This creates a
  local/remote root hole by merely installing the package.
* postinst changes sudo configuration
* introduces conffile file conflict on
  /etc/firefox-3.0/pref/firefox.js with firefox
* ships a static /etc/X11/xorg.conf, which breaks X.org's assumptions
  of xorg.conf being its own config file and not a conffile

TBH, I think the entire idea of that package is flawed. This shouldn't
be a package in the first place, but shipped as a "setup" script
somewhere, so that innocent people who install this package (including
automatic stuff like piuparts, chroots, etc.) don't ruin their system
completely.

Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
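
Added example, not part of the original message and not the rejected package's code: a small review check that flags the postinst behaviours listed above (account creation, a fixed password, sudo changes) in a maintainer script. The rule names, function names and the sample postinst are constructed for illustration.

```python
import re

# Ordered rules: the first one that matches a line wins.
RULES = [
    ("static-password", re.compile(
        r"\bchpasswd\b|\bpasswd\s+--stdin\b"
        r"|\b(?:useradd|usermod)\b.*\s(?:-p|--password)\s")),
    ("sudoers-edit", re.compile(r"/etc/sudoers(?:\.d)?\b")),
    ("privileged-group", re.compile(
        r"\b(?:adduser|usermod|gpasswd)\b.*\b(?:sudo|admin|wheel)\b")),
    ("creates-account", re.compile(r"\b(?:useradd|adduser)\b")),
]

def audit_maintainer_script(text):
    """Return (line_number, rule_id, line) for each flagged command."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks, comments and the shebang
        for rule_id, pattern in RULES:
            if pattern.search(line):
                findings.append((number, rule_id, line))
                break
    return findings

def installs_privileged_static_login(findings):
    """True when a fixed password and a sudo grant appear in the same script."""
    ids = {rule_id for _, rule_id, _ in findings}
    return "static-password" in ids and bool(ids & {"sudoers-edit", "privileged-group"})

# Constructed sample, not the rejected package's real postinst.
SAMPLE_POSTINST = """\
#!/bin/sh
set -e
# create the classroom login
adduser --disabled-password --gecos "" student
echo "student:demo-password" | chpasswd
adduser student admin
echo "student ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
"""

if __name__ == "__main__":
    results = audit_maintainer_script(SAMPLE_POSTINST)
    for number, rule_id, line in results:
        print(f"line {number}: {rule_id}: {line}")
    print("reject:", installs_privileged_static_login(results))
```

The check is line-based pattern matching, so it is a triage aid for reviewers and will miss commands built from variables or sourced from other files.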