Le Tue, Dec 29, 2009 at 08:27:56PM -0800, Russ Allbery a écrit : > Charles Plessy <ple...@debian.org> writes: > > > There were some concerns that applying patches through debian/rules > > could be a security hole. In my opinion – that I already expressed in > > the DEP1 discussion – given that 1) dpkg-source will not extract > > packages that are not GPG-trusted, > > Eh? I'm fairly sure it does for me, although it prints a warning.
Indeed I was wrong: dpkg-source will refuse to unnpack a package that is signed but the key is not available locally, however it will accept to unpack a package that is not signed. Sorry for the confusion, -- Charles Plessy Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
