On Tue, Jan 12, 2010 at 02:29:35PM +0100, Xyne wrote: > That doesnt work for overridden variables in split packages because they > are set inside the packaging function(s).
Yes, right, good point. That answers a question I asked in another message. > Even without that to consider, you cannot blindly trust the variable > declaration section of PKGBUILDs uploaded to the AUR. Yes, exactly, that's why I was thinking of exploits your method might still be vulnerable to unless you take special steps to catch them. -- Jim Pryor prof...@jimpryor.net
