lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090429195037.GC1598@khazad-dum.debian.net>
Date:	Wed, 29 Apr 2009 16:50:37 -0300
From:	Henrique de Moraes Holschuh <hmh@....eng.br>
To:	Kay Sievers <kay.sievers@...y.org>
Cc:	Mike Frysinger <vapier.adi@...il.com>, Greg KH <greg@...ah.com>,
	linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: usbutils 0.81 release

On Wed, 29 Apr 2009, Kay Sievers wrote:
> > Debian places it in /var/lib/usbids/ for a good reason.  So does Ubuntu.
> > Both have working "update-usbids" scripts (might be the one from upstream,
> > or something different).  They also have the original file in /usr/share, I
> > don't know if usbutils was changed to check /var first then /usr, or what.
> 
> Having several files on the same system sounds crazy from a distro
> standpoint. There needs to be only a single database by default. Users

We are talking about two files, here.  Not several.

> can do whatever they want anyway, but packages should not support such
> a thing.

If they are to be useful, yes, they do.  Or do you want us to package just
the usb-ids text file by itself and keep updating it all the time?  That's
the only other possibility, and it is done for the tzdata.

But update-usbids (like update-pciids and update-intel-microcode) works just
fine, so likely the usbutils maintainer didn't have any reasons to move from
update-usbids to a volatile package.

> If the user updates it, what does a new ids file do? Overwrite it

Well, the package overwrites the older one if the download suceeds with a
mv.  No mess.  If the download fails, the temp file is removed, and the
older one remains untouched.

There is no mess here.  And it might be a simple case of the package
creating /var/lib/usbids/usb.ids at post-install time from the static
packaged data, and usbutils always using just /var/lib/usbids/usb.ids. I am
not the maintainer of that package, and sincerely, given your tone, I am not
inclined to go fetch the source and read the scripts.

Now, I am not sure there is any checking against partial downloads.  That is
one thing a more controlled volatile package would be better at.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ