Bug#144571: dpkg-source invokes tar without --no-same-owner
On Fri, Apr 26, 2002 at 09:56:45AM +0100, Jules Bean wrote:
> It's a bit weird, I concede, but surely dpkg-source is not the kind of
> command you should be running as root anyhow? Running arbitrary
> commands as root often leads to security problems...
dpkg-source is not an arbitrary command, it has a well defined action, and
is useful. With the same logic you could say that tar is not a command you
should be running as root. I mean, I agree that you shouldn't run a whole
xsession as root, including KDE and Mozilla :) but for a low level tool as
dpkg-source it should simply work.
We should not let security come in the way of usability. Where it is, the
programs need to be made more secure, not crippled to become unusable in
certain situations (like perldoc, which simply refuses to start).
Especially if it is easy to fix.
`Rhubarb is no Egyptian god.' Debian http://www.debian.org firstname.lastname@example.org
Marcus Brinkmann GNU http://www.gnu.org email@example.com
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com