[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: new source format

jmlb2@hermes.cam.ac.uk (Jules Bean)  wrote on 18.03.99 in <[🔎] Pine.SOL.3.95q.990318085209.20577C-100000@red.csi.cam.ac.uk>:

> Why is it dangerous to allow arbitrary scripts to be executed?

*During unpacking*.

> We allow arbitrary scripts to be executed from debian/rules.  That's

That's not run during unpacking, though.

> pretty dangerous, isn't it?  I could slip an rm -fr ~ into a debian/rules
> in a package I maintain.  Presumably, you trust me not to do that.

If I wouldn't trust you, how would I make sure?

Obviously, by looking at your sources.

And how would I do that?

I'd download them and do dpkg-source -x.


If I can't trust dpkg-source -x, then we have a *serious* problem.

MfG Kai

Reply to: