On Oct 10, 2019, at 9:02 PM, Matthew Gabeler-Lee <chee...@fastcat.org> wrote: > > I think the patch _was_ the original bug report, specifically this: > > MAINTAINER="`eval "echo '$1'"`" > > As compared to what the checkinstall code does now: > > MAINTAINER=`eval echo $1` > > The suggested extra layer of quoting will help with many issues around the > standard maintainer name format, I think. If you have single quotes in the > argument values it will still have problems, but it's at least better than > the current state of affairs. > > It's unclear to me why this extra layer of indirection is happening at all, > though, and why it can't just do: > > MAINTAINER="$1" > > I can only imagine that there's some desire to let you indirectly reference > variables set by earlier arguments, but I have also seen anti-patterns like > this before from folks that just have a brain fart and forget how bash > works. > > // extra frustration: whomever wrote this clearly knew this was an issue, > // because the manpage says: "Be careful to correctly quote/escape the name, > // to prevent shell expansion", but fails to note that "correct" is not well > // defined and barely achievable here.
Great catch, I agree that does seem to be the problem. I’ll try to patch this soon. Stephen
