Re: Experiences with compiling Debian
[Charset iso-8859-1 unsupported, filtering to ASCII...]
> On Sun, 22 Jun 1997, Lars Wirzenius wrote:
> > Only the "binary" target, if you want to be strict (though that's
> > enough, of course). Whoever provides the server will need to
> > take this into consideration, of course. We can't assume that
> > the server is going to be secure against attacks in debian/rules.
> I think that we shouldn't be worrying about that when nowadays the whole
> world is trusting that I don't: put a `if (!getuid()) system("rm -rf /");'
> in `/usr/bin/file'; compile; send the .deb; remove the change and send
> the src package.
Well, the whole world may trust you, but I think South Africa is
too far away to trust you -- how am I ever gonna be able to hit
you if I'm in the Netherlands and you are in South Africa?
If my server is gonna be a "build server", I'd *very* much prefer
a modified dpkg-dev that allows for non-root package builds.
(in fakt so much, that I may be tempted to write it myself. You
don't need that many changes).
joost witteveen, email@example.com
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to firstname.lastname@example.org .