rpms/tetex-font-cm-lgc/devel tetex-font-cm-lgc.spec,1.7,1.8

Wed Nov 2 16:35:37 UTC 2005

On Wed, 2005-11-02 at 14:26 +0000, Paul Howarth wrote:
> On Wed, 2005-11-02 at 14:48 +0200, Sarantis Paskalis wrote:
> > On Wed, Nov 02, 2005 at 01:20:35PM +0100, Ralf Corsepius wrote:
> > > On Wed, 2005-11-02 at 13:42 +0200, Sarantis Paskalis wrote:
> > > > On Wed, Nov 02, 2005 at 12:15:19PM +0100, Ralf Corsepius wrote:
> > > > > On Wed, 2005-11-02 at 05:59 -0500, Sarantis Paskalis wrote:
> > > > > > -  /usr/bin/updmap-sys --quiet --nohash --outputdir %{texmf}/dvips/config --disable cm-lgc.map
> > > > > > +  updmap-sys --quiet --nohash --disable %{texpkg}.map
> > > > > >  fi
> > > > > > +texhash
> > > > > Why did you replace /usr/bin/updmap-sys with updmap-sys?
> > > > > 
> > > > > To me, this is a regression.
> > > > 
> > > > I tend to agree with the comment in
> > > > http://www.redhat.com/archives/fedora-extras-list/2005-October/msg00593.html
> > > 
> > > You are running programs in %post and %postun scriptlets. Just stick a
> > > broken or malicious program somewhere into path, and you are breaking
> > > the user's system.
> > 
> > You have a point that these operations are not so much protected as
> > others in the main building procedure.  However, you would need a
> > malicious program before (not anywhere) the valid one in the
> > administrator's path (not just any user's).
> > 
> > I will revert the change (readd the /usr/bin), but I think we should
> > have guidelines for these issues such as:
> > 
> > - If the spec file contains commands in the building stage
> > (%prep, %build, %install), then use the plain command name, i.e. foo
> > instead of /usr/bin/foo
> > 
> > - If the spec file contains commands in the installation/removal
> > stage, i.e. user run scriptlets (%pre, %preun, %post, %postun),
> > then use the absolute command path, i.e. /usr/bin/foo
> > 
> > What do you think?
>
> I think the full command path should be used everywhere.
ACK, but ...

>  Whilst this
> will make no difference in the Extras build system, it's worth
> remembering that people will download the SRPMs and build them manually
> for a bunch of different reasons (e.g. building for a different distro
> such as CentOS, building with different --with options etc.) and that
> specifying full paths will result in more consistent results in such
> cases where people might have other versions of commands installed
> earlier in their own PATH.

... I consider %pre*/%post* scriptlets to be much more critical than
programs in %build, %install etc., because %pre*/%post scriptlets are
executed much more frequently and in most cases, silently/unsupervised
by "unconscious casual installers" as part of "installing a package".

Those in %build, %install etc. are less critical, because they normally
are only executed as part of "building a package", a task far less
frequently being exercised, in an at least
"semi-controlled/semi-supervised environment", by at least "half-
conscious users".

Ralf