On Wed, Feb 09, 2005 at 04:01:18PM +0100, Julio M. Merino Vidal wrote:
> On Wed, 2005-02-09 at 14:46 +0000, Alistair Crooks wrote:
> 
> > The reason for this is one of security.  For almost all users, these
> > commands are run as the root user; the commands are taken from a file
> > in the filesystem hierarchy (which is not itself checksummed).  From a
> > security POV, I want to know what commands are being run, even if you
> > don't want to, because files can be modified, made to point to
> > additional scripts, etc.
> 
> But still, the INSTALL and DEINSTALL scripts are executed and they can
> do whatever they want being completely silent, isn't it?  In that case,
> they could do the same harm as @exec/@unexec lines could...
> Am I wrong?

You are right - but I see the right way of fixing that is to echo what's
happening in the INSTALL and DEINSTALL scripts.

Regards,
Alistair