[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#79620: dpkg-source must handle file permissions

Previously Manoj Srivastava wrote:
> 	I think that is the point Wichert was making.

It is. It is absolutely essential that you can take a package apart and
verify it manually without running any risks. That is why you need to
be able to extra sources and binaries using only trusted tools: it keeps
your security boundary small. It is also why tar became more paranoid
recently.

Wichert.

-- 
  _________________________________________________________________
 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert@cistron.nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |
Reply to: