[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Experiences with compiling Debian

[Charset iso-8859-1 unsupported, filtering to ASCII...]
> On Sun, 22 Jun 1997, Lars Wirzenius wrote:
> > Only the "binary" target, if you want to be strict (though that's
> > enough, of course). Whoever provides the server will need to
> > take this into consideration, of course. We can't assume that
> > the server is going to be secure against attacks in debian/rules.
>  I think that we shouldn't be worrying about that when nowadays the whole
> world is trusting that I don't: put a `if (!getuid()) system("rm -rf /");'
> in `/usr/bin/file'; compile; send the .deb; remove the change and send
> the src package. 

Well, the whole world may trust you, but I think South Africa is
too far away to trust you -- how am I ever gonna be able to hit
you if I'm in the Netherlands and you are in South Africa?

If my server is gonna be a "build server", I'd *very* much prefer
a modified dpkg-dev that allows for non-root package builds.

(in fakt so much, that I may be tempted to write it myself. You
don't need that many changes).

joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: