Paul Wise <p...@debian.org> writes: > On Thu, Apr 12, 2018 at 5:02 AM, Russ Allbery wrote:
>> Rather than documenting this fallback in Policy, why not add that >> fallback directly to uscan? > uscan is used in situations where one does not want arbitrary code from > source packages automatically run by uscan. As long as `uscan --safe` > ignores that fallback, that should be fine I guess though. Personally, I'd probably add an interactive prompt warning about the dangers and stressing that the source package needs to be trusted if stdin and stdout are connected to a tty, and otherwise fail and require some flag to use the fallback from the source package. But happy to let whoever implements this pick their strategy. :) -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>