Hi Jakub,

On Tue, Jul 26, 2011 at 10:40:44PM +0200, Jakub Wilk wrote:
> * Kilian Krause <kil...@debian.org>, 2011-07-26, 22:25:
> >- detect whether debian/watch is there and useful
> >- if so and if the version is not mangled (like ~dfsg etc.), run
> >uscan --force-download in a patched version that does not involve
> >uupdate or svn-update (i.e. does call any programs that an
> >"attacker" might want to turn against us)
> 
> It's a shame that uscan is insecure-by-design. I use my wrapper
> script to add a bit of sanity to it:
> https://bitbucket.org/jwilk/debian-misc/src/tip/upscan

that one isn't packaged by chance and scheduled to also be able to do
multiple orig.tar.* as per dpkg-source v3? ;-)

Would make it a perfect drop in replacement for my review process. *g*

-- 
Best regards,
Kilian
