Comment 4 for bug 833053

Sebastian Heinlein (glatzor) wrote :

Hello Michael and Michael,

So it makes sense to specify the complete absolute path to the global key file in the package record.

The main problem is that you don't know how secure the soon-to-be-deployed software in /opt will be. Aptdaemon already checks whether the license key is an executable or starts with a shebang line, and whether there are any symlinks in the license key path. Furthermore, aptdaemon doesn't overwrite any existing file.

I cannot imagine any locations that should be restricted by the web UI generally, since it is completely up to the application developer, e.g. whether the conf.d directory is used to store configuration snippets or just keys.

Can we guarantee that all software installed in /opt will follow the /opt/pkgname schema? Or will there be some exceptions, e.g. /opt/AdobeAcroread?
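
The checks listed in the comment above (executable or shebang content, symlinks in the key path, never overwriting an existing file), sketched as an added example that is not part of the original comment and is not aptdaemon's own code. The names `install_license_key`, `has_symlink_component` and `LicenseKeyError` are hypothetical, and treating the ELF magic as the "is an executable" test is an assumption.

```python
import os


class LicenseKeyError(Exception):
    """Raised when a license key fails one of the pre-install checks."""


def has_symlink_component(path):
    """Return True if any component of an absolute path is a symlink."""
    current = os.sep
    for part in path.strip(os.sep).split(os.sep):
        current = os.path.join(current, part)
        if os.path.islink(current):
            return True
    return False


def install_license_key(content, dest):
    """Write the key bytes to dest only if every check passes (hypothetical helper)."""
    # The package record is expected to carry a complete absolute path.
    if not os.path.isabs(dest) or os.path.normpath(dest) != dest:
        raise LicenseKeyError("path must be absolute and normalized")
    # Shebang check from the comment; treating the ELF magic as the
    # "is an executable" test is an assumption of this sketch.
    if content.startswith((b"#!", b"\x7fELF")):
        raise LicenseKeyError("key looks like a script or binary")
    # Checking dest itself also catches a symlink planted at the final name.
    if has_symlink_component(dest):
        raise LicenseKeyError("symlink in license key path")
    # O_EXCL makes creation atomic and fails if anything already exists at dest;
    # mode 0644 leaves the new file without execute bits.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    try:
        fd = os.open(dest, flags, 0o644)
    except FileExistsError:
        raise LicenseKeyError("refusing to overwrite existing file") from None
    with os.fdopen(fd, "wb") as handle:
        handle.write(content)
    return dest
```

The symlink walk and the open are two separate steps, so a directory that an untrusted user can write to could still change between them; the `O_EXCL | O_NOFOLLOW` flags only protect the final path component.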