
Re: quilt 3.0 source format and dpkg-source/dpkg-buildpackage



On Tue, Dec 29, 2009 at 08:27:56PM -0800, Russ Allbery wrote:
> Charles Plessy <plessy@debian.org> writes:
> 
> > There were some concerns that applying patches through debian/rules
> > could be a security hole. In my opinion – that I already expressed in
> > the DEP1 discussion – given that 1) dpkg-source will not extract
> > packages that are not GPG-trusted,
> 
> Eh?  I'm fairly sure it does for me, although it prints a warning.

Indeed I was wrong: dpkg-source will refuse to unpack a package that is signed
but whose key is not available locally; however, it will agree to unpack a
package that is not signed.

Sorry for the confusion,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan

