[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#706778: debian-policy: Please explicitly forbid "-" at the start of Deb822 field names

On Sat, 2013-05-04 at 20:27:50 +0200, Niels Thykier wrote:
> Package: debian-policy
> Severity: minor

> Policy §5.1 states that:
> 
> """
> [...] The field name is composed of US-ASCII characters excluding
> control characters, space, and colon (i.e., characters in the ranges
> 33-57 and 59-126, inclusive). Field names must not begin with the
> comment character, #.
> """
> 
> This suggests that (e.g.)
> 
>   "-Field: value"
> 
> is a valid field.  Or (a bit more screwed):
> 
>   "-----BEGIN: PGP SIGNATURE-----"
> 
> would be the field "-----BEGIN" with a value of "PGP SIGNATURE-----".

Which is problematic because clearsigned messages need to be
dash-escaped, and I don't think any of our tools parsing these will
unescape them. Please see #696234 for a lengthier discussion on this,
where I wrongly thought dpkg/dpkg-dev already rejected those, but I've
checked now and it does not. :/

> I would like recommend that the Policy explicitly forbids the use of
> "-" at the start of a field name.

I concur completely, and I'm considering rejecting such fields from
dpkg 1.17.x, for the reason above.

Thanks,
Guillem
Reply to: