Comment 6 for bug 608450

Aaron Bentley (abentley) wrote :

In a sense, run is the same as rules because both allow for arbitrary code execution, and so run is unnecessary.

However, run was blacklisted to ensure that the debianized tree output for a given recipe would be repeatable.

See the "Supporting commands" section of https://wiki.ubuntu.com/DailyUpstreamBuildsPOCSpec.

We are also considering performing the tree generation as a separate step on a non-buildfarm, non-virtualized machine, and that would mean we could not run untrusted code.