Bug#706778: debian-policy: Please explicitly forbid "-" at the start of Deb822 field names
Hi!
On Mon, 2013-09-16 at 11:32:14 +0900, Charles Plessy wrote:
> > Guillem Jover <guillem@debian.org> writes:
> > > I concur completely, and I'm considering rejecting such fields from
> > > dpkg 1.17.x, for the reason above.
I've got a local commit now rejecting these, targetted for 1.17.2.
> how about the attched patch ? I named ‘-’ hyphen because it is how it is
> consistently called in the Policy (but unfortunately not in the
> machine-readable specification for Debian copyright files).
Yeah I think hyphen is the correct word to use, I'll unify the wording
in dpkg too, there's some mentions of dash there.
> Guillem, Russ, given your very positive opinion about the change, shall I list
> you as seconding this patch ?
I'm happy to second such change, although I've a nitpicking comment…
> diff --git a/upgrading-checklist.sgml b/upgrading-checklist.sgml
> index b58b740..883af61 100644
> --- a/upgrading-checklist.sgml
> +++ b/upgrading-checklist.sgml
> @@ -40,6 +40,10 @@ picking your way through this list.
> Unreleased.
>
> </p><p><taglist>
> +<tag>5.1</tag>
> + <item>Control data fields must not start with the hyphen character
> + (<tt>-</tt>) because it interferes with clearsigning control data files.
> + </item>
> <tag>5.4, 5.6.24</tag>
> <item><tt>Checksums-Sha1</tt> and <tt>Checksums-Sha256</tt> are now
> mandatory in <file>.dsc</file> files.
Strictly speaking the problem is with (all?) deb822 parsers that do
not dash-unescape clearsigned messages not with the possibly
dash-escaped control files, proper dash-escaping is there precisely
to avoid any interference from initial dashes.
And the reason to ban initial hyphens is because they do not make
sense in field names and I don't think it's worth updating all
parsers.
Thanks,
Guillem
Reply to: