* Florian Weimer ([EMAIL PROTECTED]) [050106 11:45]:
> * Andreas Barth:
>
> > This means: If the local file dists/sid/main/binary-i386/Packages has
> > the sha1-sum of f3a0c1972021af11782c661d1bd5214f1d443868, take the patch
> > named 2005-01-04-1633.27 (and this patch has the given size and
> > sha1-sum). Of course, this patch is a gz'ed file. The Patches are
> > ed-style, which is better for size.
>
> Is this really a good idea? patch invokes ed(1) to process ed
> scripts, and this might lead to execution of arbitrary commands.

It is agreed that the usage of patch and ed is _not_ the recommended way
for production code (but acceptable for prototype code). However, as
already discussed last time, the patches need only a tiny subset of ed
that is not only provided by red, but can even be implemented internally
in apt.

Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
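
The "tiny subset of ed" point above, as an added sketch that is not part of the original message and is not apt's or red's code: an applier that accepts only the append, change and delete commands that `diff --ed` emits and refuses every other ed command. The names `apply_ed_subset` and `UnsafeEdScript` are hypothetical, the sample data is constructed, and it assumes no data line consists of a lone ".".

```python
import re

# Assumption: the "tiny subset" is what `diff --ed` emits: Na, N[,M]c, N[,M]d.
_CMD = re.compile(r"(\d+)(?:,(\d+))?([acd])")


class UnsafeEdScript(ValueError):
    """The script uses something outside the a/c/d subset or is malformed."""


def apply_ed_subset(original, script):
    """Apply an ed-style diff (list of lines) to a list of lines."""
    lines = list(original)
    cmds = iter(script)
    for cmd in cmds:
        m = _CMD.fullmatch(cmd)
        if m is None:
            # Covers `!cmd`, `r !cmd`, `w file`, `e`, `s///`, `g//` and the rest.
            raise UnsafeEdScript(f"command not allowed: {cmd!r}")
        start, op = int(m.group(1)), m.group(3)
        end = int(m.group(2)) if m.group(2) else start
        if op == "a":
            if m.group(2) or start > len(lines):
                raise UnsafeEdScript(f"bad address: {cmd!r}")
        elif not 1 <= start <= end <= len(lines):
            raise UnsafeEdScript(f"bad address: {cmd!r}")
        text = []
        if op in "ac":
            # Input mode: everything up to a lone "." is data, never a command.
            for line in cmds:
                if line == ".":
                    break
                text.append(line)
            else:
                raise UnsafeEdScript("unterminated text block")
        if op == "a":
            lines[start:start] = text
        else:  # "c" replaces the range, "d" replaces it with nothing
            lines[start - 1:end] = text
    return lines


# Constructed sample data, not taken from a real Packages file.
OLD = ["Package: foo", "Version: 1.0", "Section: misc", "Package: bar", "Version: 2.0"]
GOOD = ["5c", "Version: 2.1", ".", "3d", "2c", "Version: 1.1", ".", "0a", "Package: aaa", "."]
BAD = ["1d", "!id"]  # a shell escape is refused instead of being run
```

Because no line of the script is ever handed to ed(1) or a shell, a script that fails the check raises before the caller has a result to write back to disk.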