Re: new source format
jmlb2@hermes.cam.ac.uk (Jules Bean) wrote on 18.03.99 in <Pine.SOL.3.95q.990318085209.20577C-100000@red.csi.cam.ac.uk>:

> Why is it dangerous to allow arbitrary scripts to be executed?

*During unpacking*.

> We allow arbitrary scripts to be executed from debian/rules. That's

That's not run during unpacking, though.

> pretty dangerous, isn't it? I could slip an rm -fr ~ into a debian/rules
> in a package I maintain. Presumably, you trust me not to do that.

If I didn't trust you, how would I make sure?

Obviously, by looking at your sources.

And how would I do that?

I'd download them and do dpkg-source -x.

Oops!

If I can't trust dpkg-source -x, then we have a *serious* problem.

MfG Kai