Re: A media type for the machine-readable copyright format ?

On Mon, Sep 10, 2012 at 04:45:53PM -0700, Russ Allbery wrote:
> >  - About security, the discussion on debian-devel leads me to think that
> >  there is no need to worry.  I included a short comment suggesting that
> >  field values should be sanitised as usual.  Does anybody see other
> >  potential security issues ?
> No, your security considerations seem reasonable to me.

While it is probably very reasonable to do sanity checks as usual, the
"as usual" is a hint that the phrase might be redundant.  It somehow has
the value as "People parsing debian/copyright should know their job."  As
I said in a previous mail, the "attacker" is the same person (group of
persons) who writes debian/copyright *and* all the other packaging stuff
- so he would attack himself.

Just my 2 Eurocents
