<em>free</em> in our sense (see the Debian Free Software
Guidelines, below), or may be imported/exported without
restrictions. Thus, the archive is split into the distribution
- areas or categories based on their licenses and other restrictions.
+ areas or components<footnote>
+ The Debian archive software uses the term "component" internally
+ and in the Release file format to refer to the division of an
+ archive. The Debian Social Contract refers to distribution
+ areas. This document uses the same terminology as the Social
+ Contract.
+ </footnote> based on their licenses and other restrictions.
</p>
<p>
</p>
<p>
- The <em>main</em> category forms the
- <em>Debian GNU/Linux distribution</em>.
+ The <em>main</em> distribution area forms the <em>Debian GNU/Linux
+ distribution</em>.
</p>
<p>
</sect>
<sect id="sections">
- <heading>Categories</heading>
+ <heading>Distribution areas</heading>
<sect1 id="main">
- <heading>The main category</heading>
+ <heading>The main distribution area</heading>
<p>
Every package in <em>main</em> must comply with the DFSG
</sect1>
<sect1 id="contrib">
- <heading>The contrib category</heading>
+ <heading>The contrib distribution area</heading>
<p>
Every package in <em>contrib</em> must comply with the DFSG.
</sect1>
<sect1 id="non-free">
- <heading>The non-free category</heading>
+ <heading>The non-free distribution area</heading>
<p>
Packages must be placed in <em>non-free</em> if they are
<heading>Sections</heading>
<p>
- The packages in the categories <em>main</em>,
+ The packages in the distribution areas <em>main</em>,
<em>contrib</em> and <em>non-free</em> are grouped further
into <em>sections</em> to simplify handling.
</p>
<p>
- The category and section for each package should be
+ The distribution area and section for each package should be
specified in the package's <tt>Section</tt> control record
(see <ref id="f-Section">). However, the maintainer of the
Debian archive may override this selection to ensure the
<list compact="compact">
<item>
<em>section</em> if the package is in the
- <em>main</em> category,
+ <em>main</em> distribution area,
</item>
<item>
- <em>segment/section</em> if the package is in
+ <em>area/section</em> if the package is in
the <em>contrib</em> or <em>non-free</em>
distribution areas.
</item>
</p>
<p>
- Mailboxes are generally mode 660
- <tt><var>user</var>:mail</tt> unless the system
- administrator has chosen otherwise. A MUA may remove a
- mailbox (unless it has nonstandard permissions) in which
- case the MTA or another MUA must recreate it if needed.
- Mailboxes must be writable by group mail.
+ Mailboxes are generally either mode 600 and owned by
+ <var>user</var> or mode 660 and owned by
+ <tt><var>user</var>:mail</tt><footnote>
+ There are two traditional permission schemes for mail spools:
+ mode 600 with all mail delivery done by processes running as
+ the destination user, or mode 660 and owned by group mail with
+ mail delivery done by a process running as a system user in
+ group mail. Historically, Debian required mode 660 mail
+ spools to enable the latter model, but that model has become
+ increasingly uncommon and the principle of least privilege
+ indicates that mail systems that use the first model should
+ use permissions of 600. If delivery to programs is permitted,
+ it's easier to keep the mail system secure if the delivery
+ agent runs as the destination user. Debian Policy therefore
+ permits either scheme.
+ </footnote>. The local system administrator may choose a
+ different permission scheme; packages should not make
+ assumptions about the permission and ownership of mailboxes
+ unless required (such as when creating a new mailbox). A MUA
+ may remove a mailbox (unless it has nonstandard permissions) in
+ which case the MTA or another MUA must recreate it if needed.
</p>
<p>
</p>
<p>
- Packages in the <em>contrib</em> or <em>non-free</em> categories
- should state in the copyright file that the package is not part
- of the Debian GNU/Linux distribution and briefly explain why.
+ Packages in the <em>contrib</em> or <em>non-free</em>
+ distribution areas should state in the copyright file that the
+ package is not part of the Debian GNU/Linux distribution and
+ briefly explain why.
</p>
<p>