Bug#706778: debian-policy: Please explicitly forbid "-" at the start of Deb822 field names
On Sat, 2013-05-04 at 20:27:50 +0200, Niels Thykier wrote:
> Package: debian-policy
> Severity: minor
> Policy §5.1 states that:
>
> """
> [...] The field name is composed of US-ASCII characters excluding
> control characters, space, and colon (i.e., characters in the ranges
> 33-57 and 59-126, inclusive). Field names must not begin with the
> comment character, #.
> """
>
> This suggests that (e.g.)
>
> "-Field: value"
>
> is a valid field. Or (a bit more screwed):
>
> "-----BEGIN: PGP SIGNATURE-----"
>
> would be the field "-----BEGIN" with a value of "PGP SIGNATURE-----".
Which is problematic because clearsigned messages need to be
dash-escaped, and I don't think any of our tools parsing these will
unescape them. Please see #696234 for a lengthier discussion on this,
where I wrongly thought dpkg/dpkg-dev already rejected those, but I've
checked now and it does not. :/
> I would like recommend that the Policy explicitly forbids the use of
> "-" at the start of a field name.
I concur completely, and I'm considering rejecting such fields from
dpkg 1.17.x, for the reason above.
Thanks,
Guillem
Reply to: