Bug#286379: lintian: Insecure temporary directory usage

To: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
Cc: 286379@bugs.debian.org, Javier Fern?ndez-Sanguino Pe?a <jfs@computer.org>
Subject: Bug#286379: lintian: Insecure temporary directory usage
From: Florian Weimer <fw@deneb.enyo.de>
Date: Mon, 20 Dec 2004 00:47:52 +0100
Message-id: <[🔎] 87llbtc0k7.fsf@deneb.enyo.de>
Reply-to: Florian Weimer <fw@deneb.enyo.de>, 286379@bugs.debian.org
In-reply-to: <[🔎] 20041219232909.GA380@A-Eskwadraat.nl> (Jeroen van Wolffelaar's message of "Mon, 20 Dec 2004 00:29:09 +0100")
References: <[🔎] 20041219225832.GC9687@silicio> <[🔎] 20041219232909.GA380@A-Eskwadraat.nl>

* Jeroen van Wolffelaar:

> FWIW, maintainers of lintian can always be mailed privately about
> security issues, so that this could have been fixed in a timely matter.
> I never got any mail about this issue.

Debian guidelines discourage contacting the maintainers with security
holes:

<http://www.debian.org/security/faq#care>

(These instructions are somehwat inconsistent.  For sid, you are
supposed to work directly with upstream and/or packages maintainers
AFAIK because the security team does not really have the resources to
deal with sid, too.)

OTOH, the Social Contract does not really propagate the secret filing
of security bugs.  (Yeah, I know, we have some disagreement, no need
to rehash the old discussion.)

Reply to:

References:
- Bug#286379: lintian: Insecure temporary directory usage
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Bug#286379: lintian: Insecure temporary directory usage
  - From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>

Prev by Date: Bug#286379: lintian: Insecure temporary directory usage
Next by Date: Bug#286379: lintian: Insecure temporary directory usage
Previous by thread: Bug#286379: lintian: Insecure temporary directory usage
Next by thread: Bug#286379: lintian: Insecure temporary directory usage
Index(es):
- Date
- Thread