Colin Watson writes ("Bug#392362: [PROPOSAL] Add should not embed code from other packages"): > Gnulib in fact provides a number of other useful utility functions as > well as simply replacement functions (e.g. xmalloc, xasprintf, > compile_csharp_using_pnet, execute_java_class) so this assumption may > well not be correct. When we find a /tmp handling vulnerability in gnulib, will we not have a serious problem ? Ian.