[aur-dev] Safe and relatively reliable PKGBUILD parser.
Jim Pryor
lists+aur-dev at jimpryor.net
Tue Jan 12 09:04:43 EST 2010
On Tue, Jan 12, 2010 at 02:29:35PM +0100, Xyne wrote:
> That doesn't work for overridden variables in split packages because they
> are set inside the packaging function(s).
Yes, right, good point. That answers a question I asked in another
message.
> Even without that to consider, you cannot blindly trust the variable
> declaration section of PKGBUILDs uploaded to the AUR.
Yes, exactly, that's why I was thinking of exploits your method might
still be vulnerable to unless you take special steps to catch them.
--
Jim Pryor
profjim at jimpryor.net