Re: new source format
email@example.com (Jules Bean) wrote on 18.03.99 in <Pine.SOL.3.95q.990318085209.20577Cfirstname.lastname@example.org>:
> Why is it dangerous to allow arbitrary scripts to be executed?
> We allow arbitrary scripts to be executed from debian/rules. That's
That's not run during unpacking, though.
> pretty dangerous, isn't it? I could slip an rm -fr ~ into a debian/rules
> in a package I maintain. Presumably, you trust me not to do that.
If I wouldn't trust you, how would I make sure?
Obviously, by looking at your sources.
And how would I do that?
I'd download them and do dpkg-source -x.
If I can't trust dpkg-source -x, then we have a *serious* problem.