Re: A media type for the machine-readable copyright format ?
On Mon, Sep 10, 2012 at 04:45:53PM -0700, Russ Allbery wrote:
>
> > - About security, the discussion on debian-devel leads me to think that
> > there is no need to worry. I included a short comment suggesting that
> > field values should be sanitised as usual. Does anybody see other
> > potential security issues ?
>
> No, your security considerations seem reasonable to me.

While it is probably very reasonable to do sanity checks as usual, the
"as usual" is a hint that the phrase might be redundant. It somehow has
the value as "People parsing debian/copyright should know their job." As
I said in a previous mail, the "attacker" is the same person (group of
persons) who writes debian/copyright *and* all the other packaging stuff
- so he would attack himself.

Just my 2 Eurocents
Andreas.
--
http://fam-tille.de