On Thu, 22 Nov 2007, Jeff Mickey wrote:
After reading Aaron's status report, I figured this would be an easy thing to take care of.
Here is the script I used to find these packages: #!/bin/zsh
dirs=('/home/ftp/core/os/i686' '/home/ftp/extra/os/i686')
for dir in $dirs; do for pkg in `ls $dir`; do tar -tzf $dir/$pkg | egrep '^opt' > /dev/null if [[ $? < 1 ]]; then print $pkg fi done done
I figured I'd post the list of packages that have /opt files. I'm gonna do some of these packages while I'm here on break, but if you see a package _you_ would rather take care of, just reply to the thread. I also think that filesystem should be the very last package that we do.. if we ever do it. It's probably best to keep it there so that way packages don't add and remove the /opt folder, it is always owned by the filesystem package.
If you think I missed a package or one of these is wrong, just reply and let me know. And here is the list of the offending packages: acroread-8.1.1-1-i686.pkg.tar.gz
acroread is my package. I'll do the change myself.
chkrootkit-0.47-1.pkg.tar.gz
I am not a security expert but isn't the reason that chkrootkit is not being installed in a directory in the PATH a security reason so that malware can't find the executables to modify/delete them? Maybe keeping it out of /usr would accomplish this better. BTW, my understanding was that we were waiting for kde4 before moving KDE packages to /usr. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.