Re: set of patches
Raphael Geissert <atomo64+debian@gmail.com> writes:
> Attached are the following two patches in a git-friendly mbox format:
>
> lintian_enhanced_possibly-insecure-handling-of-tmp-files-in-maintainer-script.patch:
> Requires the tmp dir name to have a name thus reducing the number of
> false positives and allowing to check for = /tmp/foo thus also
> decreasing the number of false negatives (or at least I hope it does).
> It no longer ignores mkdir as it may also suffer from attacks when the
> error is ignored, compacts the mktemp/mkstemp checks and ignores the
> line if $RANDOM is present.

I'm not comfortable with removing mkdir on the grounds that it *might* not
be error-checked. Nearly all maintainer scripts are error-checked, which
makes mkdir safe.

This otherwise looks okay, though, so I'll apply it without that change.

> lintian_maintainer-also-in-uploaders.patch:
> Added to detect situations where the person in the Maintainer field is also
> in Uploaders.

Thanks, applied with some changes to the long tag description and the
addition of the Severity/Certainty tags.

--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
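
Added example, not part of the original messages or of lintian: a shell sketch of the mkdir behaviour both writers refer to, comparing a script that stops on a failed `mkdir` with one that ignores the failure when the path already exists. It assumes "error-checked" means running under `set -e`; the function `run_case`, the `TARGET` variable and the scratch paths are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: everything happens inside a private scratch directory
# created with mktemp -d, never in a shared /tmp path.

# Run a two-line stand-in for a maintainer script under "sh -e" against a
# directory that already exists, as it would if another local user had
# created it first.
#   $1 = the mkdir line to test
# Prints "aborted" if the script stopped at mkdir, or "continued" if it went
# on to write into the pre-existing directory.
run_case() {
    scratch=$(mktemp -d) || return 2
    target="$scratch/foo"
    mkdir "$target"                  # pre-existing directory (constructed)

    # Second line is the write that should only happen in a directory the
    # script created itself.
    script="$1
echo data > \"\$TARGET/state\""

    # "|| :" keeps a calling shell that itself uses set -e from exiting here.
    TARGET="$target" sh -e -c "$script" 2>/dev/null || :

    if [ -e "$target/state" ]; then
        result=continued
    else
        result=aborted
    fi
    rm -rf "$scratch"
    echo "$result"
}

# Error-checked: mkdir fails with EEXIST and set -e ends the script.
echo "set -e, plain mkdir:       $(run_case 'mkdir "$TARGET"')"
# Error ignored: the failure is swallowed and the write still happens.
echo "set -e, mkdir ... || true: $(run_case 'mkdir "$TARGET" || true')"
```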