OoO En cette soirée bien amorcée du vendredi 30 mai 2008, vers 22:42, "William Vera" <billy@billy.com.mx> disait: >>> In fact, is not a bug, because vfu say 'support' for list and read, >>> does not depend on them (unzip, bzip2, etc) for build o run the >>> program. >> >> Well, without unzip, vfu is unable to read a zip file. Without tar and >> gzip, it is not able to read a tar.gz. If you look at wrappers in rx/, >> you see that they use tar, unzip, etc. > should include them in control then? Yes. As Depends or as Recommends. >> Moreover, those wrappers are some security issue. They use predictable >> name in a world writable directory (/tmp/XXXXXX.rx.cache). They should >> use mktemp based filename instead. > Suggests a patch for this case? You should discuss this issue with upstream. The cache should survive accross invocations so you cannot just use mktemp. vfu should provide those wrappers a unique directory to store this cache. -- BOFH excuse #269: Melting hard drives
Attachment:
pgpssztZac8lV.pgp
Description: PGP signature