Rejecting classmate-settings

Martin Pitt martin.pitt at
Fri Feb 15 14:39:54 GMT 2008

Hi Oliver,

I rejected classmate-settings, because:

 * orig.tar.gz has no license copy, nor copyright headers

 * postinst creates a high-privileged (even sudo-capable) local user
   with a static active password ("edubuntu"). This creates a
   local/remote root hole by merely installing the package.

 * postinst changes sudo configuration

 * introduces conffile file conflict on
   /etc/firefox-3.0/pref/firefox.js with firefox
 * ships a static /etc/X11/xorg.conf, which breaks's assumptions
   of xorg.conf being its own config file and not a conffile

TBH, I think the entire idea of that package is flawed. This shouldn't
be a package in the first place, but shipped as a "setup" script
somewhere, so that innocent people who install this package (including
automatic stuff like piuparts, chroots, etc.) don't ruin their system

Martin Pitt
Ubuntu Developer
Debian Developer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : 

More information about the ubuntu-archive mailing list