Re: new source format

To: debian-dpkg@lists.debian.org
Subject: Re: new source format
From: kaih@khms.westfalen.de (Kai Henningsen)
Date: 20 Mar 1999 23:07:00 +0200
Message-id: <[🔎] 7DFonP-mw-B@khms.westfalen.de>
In-reply-to: <[🔎] Pine.SOL.3.95q.990318085209.20577C-100000@red.csi.cam.ac.uk>
References: <[🔎] 7D1Ydpkmw-B@khms.westfalen.de> <[🔎] Pine.SOL.3.95q.990318085209.20577C-100000@red.csi.cam.ac.uk>

jmlb2@hermes.cam.ac.uk (Jules Bean)  wrote on 18.03.99 in <[🔎] Pine.SOL.3.95q.990318085209.20577C-100000@red.csi.cam.ac.uk>:

> Why is it dangerous to allow arbitrary scripts to be executed?

*During unpacking*.

> We allow arbitrary scripts to be executed from debian/rules.  That's

That's not run during unpacking, though.

> pretty dangerous, isn't it?  I could slip an rm -fr ~ into a debian/rules
> in a package I maintain.  Presumably, you trust me not to do that.

If I wouldn't trust you, how would I make sure?

Obviously, by looking at your sources.

And how would I do that?

I'd download them and do dpkg-source -x.

Oops!


If I can't trust dpkg-source -x, then we have a *serious* problem.

MfG Kai

Reply to:

References:
- Re: new source format
  - From: kaih@khms.westfalen.de (Kai Henningsen)
- Re: new source format
  - From: Jules Bean <jmlb2@hermes.cam.ac.uk>

Prev by Date: Re: new source format
Next by Date: Re: Bug#34676: libtool: hosttype determination is seriously broken
Previous by thread: Re: new source format
Next by thread: Re: new source format
Index(es):
- Date
- Thread