On 21 Mar 2000, Brian May wrote:

> >>>>> "Adam" == Adam Heath <[EMAIL PROTECTED]> writes:
>
> How would you create these diffs?

Please reread the mails. I said it only extracts. I've said nothing about building anything yet.

> Also, have you considered how such a system could be integrated
> with CVS?

No, I haven't. At this early point, I don't want to think about it. And, what I have done is just a test, to see if it is actually possible. Everything I have done will NOT appear in any final version.

> How would this work without CVS? If the maintainer wanted to create
> the diff files manually (is this the only way?), could he/she include
> the diffs somewhere in the source tree, or would he/she have to
> manually create and update the *.diffs.tar.gz file?

There will be an automated tool to do it; it just hasn't been designed/created yet.

> Adam> Actually, it will make things 'less trustworthy,' to quote
> Adam> Ian. What is to keep a script in debian/ from editing the
> Adam> files that exist in debian/diffs?
>
> I don't understand the security concern - what is to stop the
> script from patching any number of files in the source tree, during
> the standard build process?

This is no different than the current dpkg-source -x. Ian's concern (please reread the transcript) was that to extract the source (and apply the patches) it (dbs) had to run shell code that was inside each pkg. This shell code could be 'tainted' with a trojan horse.

The new way has the code responsible for extracting and patching the source part of dpkg-source itself. This means someone only has to do one audit, on dpkg-source, and once satisfied, know the series of steps that are taken to extract a source archive.

----BEGIN GEEK CODE BLOCK----
Version: 3.12
GCS d- s: a-- c+++ UL++++ P+ L++++ !E W+ M o+ K- W--- !O M- !V PS--
PE++ Y+ PGP++ t* 5++ X+ tv b+ D++ G e h*! !r z?
-----END GEEK CODE BLOCK-----
----BEGIN PGP INFO----
Adam Heath <[EMAIL PROTECTED]>        Finger Print | KeyID
67 01 42 93 CA 37 FB 1E  63 C9 80 1D 08 CF 84 0A   | DE656B05 PGP
AD46 C888 F587 F8A3 A6DA  3261 8A2C 7DC2 8BD4 A489 | 8BD4A489 GPG
-----END PGP INFO-----