Re: RFS: vfu (updated package)
Hi
2008/5/31 Vincent Bernat <bernat@debian.org>:
> OoO En cette soirée bien amorcée du vendredi 30 mai 2008, vers 22:42,
> "William Vera" <billy@billy.com.mx> disait:
>
>>>> In fact, is not a bug, because vfu say 'support' for list and read,
>>>> does not depend on them (unzip, bzip2, etc) for build o run the
>>>> program.
>>>
>>> Well, without unzip, vfu is unable to read a zip file. Without tar and
>>> gzip, it is not able to read a tar.gz. If you look at wrappers in rx/,
>>> you see that they use tar, unzip, etc.
>
>> should include them in control then?
>
> Yes. As Depends or as Recommends.
Done, package updated:
http://mentors.debian.net/debian/pool/main/v/vfu/
>
>>> Moreover, those wrappers are some security issue. They use predictable
>>> name in a world writable directory (/tmp/XXXXXX.rx.cache). They should
>>> use mktemp based filename instead.
>
>> Suggests a patch for this case?
>
> You should discuss this issue with upstream. The cache should survive
> accross invocations so you cannot just use mktemp. vfu should provide
> those wrappers a unique directory to store this cache.
I sent an email to upstream to discuss about it. I think that will be
a new upstream version.
Thanks
> --
> BOFH excuse #269:
> Melting hard drives
>
--
William Vera <billy@billy.com.mx>
PGP Key: 1024D/F5CC22A4
Fingerprint: 3E73 FA1F 5C57 6005 0439 4D75 1FD2 BF96 F5CC 22A4
Reply to: