Paul Wise writes ("Re: Debian Policy 4.1.4.0 released"): > uscan is used in situations where one does not want arbitrary code > >from source packages automatically run by uscan. As long as `uscan > --safe` ignores that fallback, that should be fine I guess though. I think safety should be the default, so I have filed https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895546 Thanks, Ian.