Package: devscripts
Version: 2.17.6+deb9u1~bpo8+1

Paul Wise writes on debian-devel:
> uscan is used in situations where one does not want arbitrary code
> from source packages automatically run by uscan. As long as `uscan
> --safe` ignores that fallback, that should be fine I guess though.

I wasn't aware of uscan --safe.

IMO `--safe' options are bad practice.  That should be the default.
`--unsafe' should be provided for when it is neeeded.  gs had -dSAFER
which caused many security bugs until eventually it was made the

So the default in uscan should be changed.  Looking at the manual I
think it's possible that some of uscan's behaviours with --safe are
too conservative, but at the very minimum I would expect that by
default, uscan would:
 * not execute arbitrary code from the source package or the network
 * make only likely-to-be-relatively-harmless network connection attempts
   (so https to port 443 is probably OK; gopher to arbitrary ports is not)
 * avoid writing any files with unpredictable names (or names
   too-much-controlled by the source package or the network)


Ian Jackson <>   These opinions are my own.

If I emailed you from an address or, that is
a private address which bypasses my fierce spamfilter.

Reply via email to