Debian Package setup fails if the setup password contains spaces

[gohrner]

Installing the tine20 Debian Package always failed on my system, even after unsetting the LANG variable.

/var/lib/dpkg/info/tine20.postinst: 58: [: pJBBCGS9: unexpected operator

I had to take a look at the postinst script to understand it was caused by my auto-generated setup password containing spaces...

It's somewhat dangerous to use a completely unquoted password there, and also other special characters in the password may cause script failures / syntax error and whatever.

At least, the password should be quoted everywhere where it's used in the script, but in addition, the password selection dialog should explicitly warn about the password being used in unsafe ways in shell scripts and ask to avoid special characters.

A user won't try to perform code injections on her/his own server, of course, but inadvertedly using "wrong" characters in ones password really happens easily.

[pschuele]

that's true, thanks for opening the issue. I'll have a look.