Bug#517637: Standard Tarball Suffixes

Barak A. Pearlmutter barak at pearlmutter.net
Tue Nov 10 15:26:33 UTC 2015


One security issue would be if someone slipped a specially crafted
tarball into the upstream site: that tarball could maybe do bad things
in a shell script that is extracting the version string. This would
put the shell script and everything it uses into the "code should be
secure against malformed input" category.

On the other hand, it is always nice to automate any kind of "do this
scan periodically" process.
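
The concern above in script form, as an added example that is not part of the original message or of devscripts: a version string is taken from a tarball by listing member names only, then checked against an allow-list before anything else uses it. The helper names `tarball_version` and `selftest`, the `PKG-VERSION/` top-level directory layout, the 64-character limit and the sample tarballs are assumptions made for this example.

```shell
#!/bin/sh
# Added example; tarball_version and selftest are hypothetical helpers,
# not devscripts code. Every byte read out of the archive is untrusted.

# tarball_version PKG TARBALL: print the version taken from the single
# top-level directory "PKG-VERSION/", or return 1 if anything looks off.
# The body is a subshell so LC_ALL and the variables do not leak.
tarball_version() (
    LC_ALL=C; export LC_ALL
    pkg=$1 tarball=$2
    # A leading ./ keeps tar from reading the name as an option or host:path.
    case $tarball in /*) ;; *) tarball=./$tarball ;; esac

    # List member names only; nothing is unpacked and nothing is eval'd.
    tops=$(tar -tf "$tarball" 2>/dev/null | cut -d/ -f1 | sort -u)
    case $tops in ''|*'
'*) return 1 ;; esac                      # empty, or more than one top level

    ver=${tops#"$pkg"-}
    [ "$ver" != "$tops" ] || return 1     # no "PKG-" prefix
    [ "${#ver}" -le 64 ] || return 1      # length bound (arbitrary choice)

    # Allow-list: starts with a digit, then only the characters Debian
    # policy permits in an upstream version without an epoch.
    case $ver in [0-9]*) ;; *) return 1 ;; esac
    case $ver in *[!A-Za-z0-9.+~-]*) return 1 ;; esac
    printf '%s\n' "$ver"
)

# Constructed samples: one well-formed tarball, one whose directory name
# carries shell metacharacters. Prints "<good result>|<hostile status>".
selftest() (
    d=$(mktemp -d) || return 1
    trap 'rm -rf "$d"' EXIT
    cd "$d" || return 1
    mkdir 'foo-1.2.3~rc1' 'foo-1.0$(id)'
    tar -cf good.tar 'foo-1.2.3~rc1'
    tar -cf bad.tar 'foo-1.0$(id)'
    good=$(tarball_version foo good.tar)
    bad=0; tarball_version foo bad.tar >/dev/null || bad=$?
    printf '%s|%s\n' "$good" "$bad"
)
```

The validated string is still data: callers keep it quoted and never pass it to `eval` or build a command line from it unquoted.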



More information about the devscripts-devel mailing list