Re: [transcript] source package formats
On Mon, 20 Mar 2000, Wichert Akkerman wrote:
> Previously Adam Heath wrote:
> > However, it has its drawbacks, the 2 most glaring that it hides the
> > source in subtrees, all packed up, and that it doesn't extract into
> > <pkg>-<ver> directly.
>
> You conveniently ignored Ian's biggest con: it does not gave you a way
> to get to the source as it is compiles without running a script. This is
> bad, since it means you have to run an untrusted script in order to get
> to the source. Imagine the unpack-rules doing something like
> "sudo rm -rf /". Oops...
Are you being purposefully obtuse, or just not following along?
I mention what the current state of dbs is. That was a summary for those who
couldn't see that in the transcript. That was NOT a summary of what this new
script does.
You complain about problems in the old dbs, without commenting at all about
anything in this new thing I have come up with. Ian's complaint was that he
would have to check each src pkg that comes with dbs, to make sure it was
secure. This new way puts dbs-like functionality into dpkg-source itself, so
he would only have to check it once.
I say again. This is a .dsc unpacker, in the same way dpkg-source is.
----BEGIN GEEK CODE BLOCK----
Version: 3.12
GCS d- s: a-- c+++ UL++++ P+ L++++ !E W+ M o+ K- W--- !O M- !V PS--
PE++ Y+ PGP++ t* 5++ X+ tv b+ D++ G e h*! !r z?
-----END GEEK CODE BLOCK-----
----BEGIN PGP INFO----
Adam Heath <doogie@debian.org> Finger Print | KeyID
67 01 42 93 CA 37 FB 1E 63 C9 80 1D 08 CF 84 0A | DE656B05 PGP
AD46 C888 F587 F8A3 A6DA 3261 8A2C 7DC2 8BD4 A489 | 8BD4A489 GPG
-----END PGP INFO-----
Reply to: