[EMAIL PROTECTED] (Jules Bean)  wrote on 18.03.99 in <[EMAIL PROTECTED]>:

> Why is it dangerous to allow arbitrary scripts to be executed?

*During unpacking*.

> We allow arbitrary scripts to be executed from debian/rules.  That's

That's not run during unpacking, though.

> pretty dangerous, isn't it?  I could slip an rm -fr ~ into a debian/rules
> in a package I maintain.  Presumably, you trust me not to do that.

If I didn't trust you, how would I make sure?

Obviously, by looking at your sources.

And how would I do that?

I'd download them and do dpkg-source -x.

Oops!


If I can't trust dpkg-source -x, then we have a *serious* problem.

MfG Kai
