* Kilian Krause <[email protected]>, 2011-07-26, 22:25:
- detect whether debian/watch is there and useful
- if so and if the version is not mangled (like ~dfsg etc.), run uscan
--force-download in a patched version that does not involve uupdate or
svn-update (i.e. does call any programs that an "attacker" might want
to turn against us)
It's a shame that uscan is insecure-by-design. I use my wrapper script
to add a bit sanity to it:
https://bitbucket.org/jwilk/debian-misc/src/tip/upscan
--
Jakub Wilk
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
