* Paul Wise: > On Wed, Jan 1, 2020 at 1:00 PM Florian Weimer wrote: > >> Doesn't lintian on ftp-master use disposable VMs? > > No mention of qemu/kvm in dak.git nor any qemu processes running on > ftp-master.d.o, so I don't think so.
Uh-oh. >> Some of its checks look inherently dangerous, e.g. the bash -n check for >> shell syntax. > > What is dangerous about `bash -n`? IIRC that is supposed to not > execute shell code, but I guess you mean that the shell parsers in > Debian (bash/dash/etc) are particularly fragile? Yes, exactly. > The same can probably be said for the manual page checks and > probably other parts of lintian. Which means that it's not reasonable to make lintian checks part of the trusted computing base. And objdump (or BFD/binutils) is just a tiny aspect of that. Just to be clear here, I'm not saying that a safe objdump or GDB wouldn't be useful. (Trusted GDB across container binaries could be quite interesting.) It's just unrealistic that it's possible to achieve anything close to that with the current code base.
