Re: Bug#79620: dpkg-source must handle file permissions
Previously Manoj Srivastava wrote:
> I think that is the point Wichert was making.
It is. It is absolutely essential that you can take a package apart and
verify it manually without running any risks. That is why you need to
be able to extra sources and binaries using only trusted tools: it keeps
your security boundary small. It is also why tar became more paranoid
recently.
Wichert.
--
_________________________________________________________________
/ Nothing is fool-proof to a sufficiently talented fool \
| wichert@cistron.nl http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Reply to: