Hi, Cyril Chaboisseau <cyril.chaboisseau@free.fr> (2017-02-18): > Fine, but busybox will eventually be upgraded to a newer stable version > at some point, or it will suffer from old/buggy version with potential > security holes > if not, it means that on the long run it will be very difficult to > cherry-pick those security patches and the project wil not benefit from > new features and improvements I'm not disputing that, and that's why I mentioned in my first reply that I called for help so that others give a hand and get a new upstream packaged. > as for bug #854924, don't you think it would have never occured if a > newer version of busybox were installed? (after 1.23 at least) With a newer sed (that is: including the fix you linked to), sed -i would fail because of a missing file to work on, and would have broken the installation process instead of generating a file with strange permissions. That's why I mentioned we need to guard the sed call with a test on its existence. In other words, the fix pushed for #854924 was needed either way. KiBi.
Attachment:
signature.asc
Description: Digital signature