Package: dpkg-dev
Version: 1.14.25
Severity: normal
I noticed that `dpkg-source -b SOURCEDIR` will create a *.debian.tar.gz
which includes personal informations. This includes username and group
of the current user which creates a package. These informations aren't
meant for other people. dpkg-source should only use numerical user and
group names and/or set the id and group to 0. This can be done with the
options --owner 0 --group 0 --numeric-owner
It can be checked with `tar zftv *.debian.tar.gz`
Example call would be:
`tar cvfz ~/test.tar.gz --owner 0 --group 0 --numeric-owner
/var/lib/dpkg/alternatives`
--- System information. ---
Architecture: amd64
Kernel: Linux 2.6.28.7
Debian Release: squeeze/sid
500 unstable ftp.debian.org
1 experimental ftp.debian.org
--- Package information. ---
Depends (Version) | Installed
=================================-+-=============
dpkg (>= 1.14.6) | 1.14.25
perl5 |
perl-modules | 5.10.0-19
cpio (>= 2.4.2-2) | 2.9.90-3
bzip2 | 1.0.5-1
lzma | 4.43-14
patch (>= 2.2-1) | 2.5.9-5
make | 3.81-5
binutils | 2.19.1-1
libtimedate-perl | 1.1600-9
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
