Hi, I have a fork of tar_scm that takes an arbitrary command which is run at a particular point in the tarball generation process. (We are using this to generate a C header file containing the version number of our software, so it includes the output of "git describe".) As long as this is run using "osc service disabledrun" I am quite sure it does not present any security risk, since the command is run on the local machine. What I am not sure is what will happen (if anything), and especially what security implications there would be, if someone tries to use such a feature on the server side? Regards and thanks in advance for any reply whatsoever. Nathan -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org