Paul Wise writes ("Re: Debian Policy 4.1.4.0 released"):
> uscan is used in situations where one does not want arbitrary code
> >from source packages automatically run by uscan. As long as `uscan
> --safe` ignores that fallback, that should be fine I guess though.
I think safety should be the default, so I have filed
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895546
Thanks,
Ian.