Code review comment for lp:~milo/linaro-ci/bug1064686

Paul Sokolovsky (pfalcon) wrote :

Milo, I don't know where you got this idiom from:

 if [ "${MAKE_DTBS}" ] && $MAKE_DTBS;

But it's dangerous to allow literal input string data to be executed as shell commands. You may say that in this case we allow the user to pass commands as inputs (*1), but the above is a bad *pattern*: MAKE_DTBS has a string value, and should not be allowed to be interpreted as a command. Failing that would lead to anything from mildly unpleasant to highly dangerous results, so it's better never to use that at all.

*1 I'm not sure if that's true for this specific build type or not, but for some build types we may.

review: Needs Fixing
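The pattern the review objects to, shown side by side with a form that treats MAKE_DTBS as data. This is an added illustration, not code from the linaro-ci branch under review: the helper names, the marker file and the sample parameter values are constructed here, and MAKE_DTBS is assumed to be a job parameter that a caller can set to an arbitrary string.

```shell
#!/bin/sh
# Added example, not code from the branch under review. Helper names, the
# marker file and the sample values are constructed for illustration;
# MAKE_DTBS is assumed to be a job parameter holding caller-supplied text.

# The idiom quoted in the review. $MAKE_DTBS is expanded unquoted in command
# position, so the shell word-splits the string and executes it, and its exit
# status decides whether DTBs get built. Nothing checks the value first, so
# any command the parameter carries runs with the build job's privileges.
unsafe_should_build_dtbs() {
    MAKE_DTBS="$1"
    if [ "${MAKE_DTBS}" ] && $MAKE_DTBS; then
        echo build
    else
        echo skip
    fi
}

# Shows the problem: pass a command instead of a flag value and check whether
# it ran. Prints "executed" when the marker file was created.
demo_unsafe_executes_parameter() {
    dir=$(mktemp -d) || return 2
    marker="$dir/marker"
    # "touch <path>" exits 0, so the DTB step would also proceed as "build".
    unsafe_should_build_dtbs "touch $marker" >/dev/null
    if [ -e "$marker" ]; then result=executed; else result=not-executed; fi
    rm -rf "$dir"
    echo "$result"
}

# Fixed form: MAKE_DTBS stays a string. It is compared against a fixed set of
# accepted spellings and is never handed to the shell for execution.
# Prints "build", "skip" or "reject" and returns 0, 1 or 2 accordingly.
dtbs_decision() {
    case "$1" in
        true|yes|1)      echo build;  return 0 ;;
        ""|false|no|0)   echo skip;   return 1 ;;
        *)
            echo "MAKE_DTBS: expected true/false, got '$1'" >&2
            echo reject
            return 2 ;;
    esac
}

# Assumed call site in a build script (hypothetical, not from the branch):
#   if dtbs_decision "${MAKE_DTBS-}" >/dev/null; then make dtbs; fi
```

Quoting the variable would not rescue the original idiom: "$MAKE_DTBS" would still be run as a command, just without word splitting. The fix is to stop executing the value at all and compare it as a string, rejecting anything outside the accepted set so that a mistyped parameter fails loudly instead of silently skipping the step.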
