On Mon, Sep 10, 2012 at 04:45:53PM -0700, Russ Allbery wrote: > > > - About security, the discussion on debian-devel leads me to think that > > there is no need to worry. I included a short comment suggesting that > > field values should be sanitised as usual. Does anybody see other > > potential security issues ? > > No, your security considerations seem reasonable to me.
While it is probably very reasonable to do sanity checks as usual the "as usual" is a hint that the phrase might be redundant. It somehow has the value as "People parsing debian/copyright should know their job." As I said in a previous mail the "attacker" is the same person (group of persons) who writes debian/copyright *and* all the other packaging stuff - so he would attack himself. Just my 2 Eurocents Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120911075026.gc14...@an3as.eu