Web lists-archives.com

Re: Debian Policy 4.1.4.0 released




Paul Wise <pabs@xxxxxxxxxx> writes:
> On Thu, Apr 12, 2018 at 5:02 AM, Russ Allbery wrote:

>> Rather than documenting this fallback in Policy, why not add that
>> fallback directly to uscan?

> uscan is used in situations where one does not want arbitrary code from
> source packages automatically run by uscan. As long as `uscan --safe`
> ignores that fallback, that should be fine I guess though.

Personally, I'd probably add an interactive prompt warning about the
dangers and stressing that the source package needs to be trusted if stdin
and stdout are connected to a tty, and otherwise fail and require some
flag to use the fallback from the source package.  But happy to let
whoever implements this pick their strategy.  :)

-- 
Russ Allbery (rra@xxxxxxxxxx)               <http://www.eyrie.org/~eagle/>