From d20643cc0ac89ee30cf0e546d689e67085294ace Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 25 Nov 2016 17:42:47 +0100 Subject: default to --no-check for dpkg-source call MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In bug #757534 the opposite direction was initially requested, but what we did end up with was having a possibility to configure the options passed to dpkg. The reasoning given their and in #724744 is specific why apt doesn't need the checks to be performed by dpkg. In fact, what these two reports show is that if those checks are run people end up being confused about the requirement of them being run, so given the best case those checks can do is do nothing (visibly) while the worst cases are warnings and errors which are neither we are from a security point better of with disabling them – as (as mentioned in the bugreports) false positives for issues are really really bad in a security context. Closes: 724744 --- apt-private/private-source.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apt-private') diff --git a/apt-private/private-source.cc b/apt-private/private-source.cc index 3b10399d3..68935d97d 100644 --- a/apt-private/private-source.cc +++ b/apt-private/private-source.cc @@ -520,7 +520,7 @@ bool DoSource(CommandLine &CmdL) else { // Call dpkg-source - std::string const sourceopts = _config->Find("DPkg::Source-Options", "-x"); + std::string const sourceopts = _config->Find("DPkg::Source-Options", "--no-check -x"); std::string S; strprintf(S, "%s %s %s", _config->Find("Dir::Bin::dpkg-source","dpkg-source").c_str(), -- cgit v1.2.3