Florian Weimer: > To some extent, it's a policy decision. Is dpkg-deb supposed to > process untrusted input?
Are you in the habit of installing third-party debs w/o using dpkg to dump their control files for review? Lets fact it, there are a lot[1] of third-party debs out there, this is something dpkg needs to safely support if our users have even a hope of using them securely. -- see shy jo [1] www.apt-get.org
signature.asc
Description: Digital signature
